From c0ba18c37e3fff1b454934ebedf97b09231c0831 Mon Sep 17 00:00:00 2001
From: William Bell <62452284+Ugric@users.noreply.github.com>
Date: Tue, 11 Nov 2025 03:11:09 +0000
Subject: [PATCH] fix buffer overflow in hashmap to array function.

---
 src/memory.c | 25 ++++++++++++++++-----
 src/runtime/internals/hashmap/hashmap.c | 18 +++++++--------
 src/runtime/objects/dictionary/dictionary.c | 3 +--
 tests/iteration-test.ar | 7 ++----
 4 files changed, 32 insertions(+), 21 deletions(-)

diff --git a/src/memory.c b/src/memory.c
index 0300d88..81a1c51 100644
--- a/src/memory.c
+++ b/src/memory.c
@@ -7,11 +7,11 @@
 #include "memory.h"
 #include
 #include
+#include
 #include
 #include
 #include // for malloc/free (temp arena fallback)
 #include
-#include

 void *checked_malloc(size_t size) {
 void *ptr = malloc(size);
@@ -22,14 +22,15 @@ void *checked_malloc(size_t size) {
 return ptr;
 }

-struct allocation*memory_allocations = NULL;
+struct allocation *memory_allocations = NULL;
 size_t memory_allocations_size = 0;
 pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;

 void ar_memory_init() {
 GC_INIT();
 // memory_allocations_size = 8;
- // memory_allocations = malloc(memory_allocations_size*sizeof(struct allocation));
+ // memory_allocations = malloc(memory_allocations_size*sizeof(struct
+ // allocation));
 }

 void ar_memory_shutdown() {
@@ -41,9 +42,23 @@ void ar_memory_shutdown() {
 // free(memory_allocations);
 }

-void *ar_alloc(size_t size) { return GC_MALLOC(size); }
+void *ar_alloc(size_t size) {
+ void *ptr = GC_MALLOC(size);
+ if (!ptr) {
+ fprintf(stderr, "panic: unable to allocate memory\n");
+ exit(EXIT_FAILURE);
+ }
+ return ptr;
+}

-void *ar_realloc(void *old, size_t size) { return GC_REALLOC(old, size); }
+void *ar_realloc(void *old, size_t size) {
+ void *ptr = GC_REALLOC(old, size);
+ if (!ptr) {
+ fprintf(stderr, "panic: unable to allocate memory\n");
+ exit(EXIT_FAILURE);
+ }
+ return ptr;
+}

 void ar_finalizer(void *obj, GC_finalization_proc fn, void *client_data,
 GC_finalization_proc *old_fn, void **old_client_data) {
diff --git a/src/runtime/internals/hashmap/hashmap.c b/src/runtime/internals/hashmap/hashmap.c
index 1b15e36..bcfb63a 100644
--- a/src/runtime/internals/hashmap/hashmap.c
+++ b/src/runtime/internals/hashmap/hashmap.c
@@ -28,8 +28,8 @@ struct hashmap_GC *createHashmap_GC() {
 }

 static int compare_node_asc(const void *a, const void *b) {
- const struct node_GC *na = *((const struct node_GC **)a);
- const struct node_GC *nb = *((const struct node_GC **)b);
+ const struct node_GC *na = *(const struct node_GC **)a;
+ const struct node_GC *nb = *(const struct node_GC **)b;

 // Ascending order (smallest order first)
 if (na->order < nb->order)
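Review bot: The NULL check added in `ar_realloc` cannot tell allocation failure apart from a size-zero request: if `GC_REALLOC` follows C99 `realloc` and frees `old` and returns NULL when `size == 0` (the API here looks like Boehm's, whose `GC_realloc` behaves that way in the versions I know of — confirm against the bundled GC), `ar_realloc(p, 0)` now panics and exits the process where it previously returned NULL to the caller. Guard the panic with `if (!ptr && size != 0)` or reject zero at the top (`if (size == 0) size = 1;`) so both wrappers have the same "never returns NULL" contract; the same ambiguity applies to `ar_alloc(0)` if `GC_MALLOC(0)` can return NULL. Separately, `exit(EXIT_FAILURE)` under memory exhaustion runs atexit handlers and stdio flushes that may themselves try to allocate; `abort()` fails faster and leaves a core dump for diagnosis. A one-line comment above each wrapper, `// Never returns NULL: allocation failure terminates the process.`, would tell callers (e.g. hashmap_GC_to_array) that they may assign the result directly.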
@@ -43,30 +43,30 @@ void hashmap_GC_to_array(struct hashmap_GC *t,
 struct node_GC ***array, size_t *array_length) {
 size_t array_size = 8;
 *array_length = 0;
- *array = ar_alloc(array_size * sizeof(struct node_GC *));
+ *array = ar_alloc(array_size * sizeof(struct node_GC*));

 for (size_t i = 0; i < t->inline_count; i++) {
 if (*array_length >= array_size) {
 array_size *= 2;
- *array = ar_realloc(*array, array_size * sizeof(struct node_GC *));
+ *array = ar_realloc(*array, array_size * sizeof(struct node_GC*));
 }
 (*array)[(*array_length)++] = &t->inline_values[i];
 }

 for (size_t i = 0; i < t->size; i++) {
- if (*array_length >= array_size) {
- array_size *= 2;
- *array = ar_realloc(*array, array_size * sizeof(struct node_GC *));
- }
 struct node_GC *list = t->list[i];
 struct node_GC *temp = list;
 while (temp) {
+ if (*array_length >= array_size) {
+ array_size *= 2;
+ *array = ar_realloc(*array, array_size * sizeof(struct node_GC*));
+ }
 (*array)[(*array_length)++] = temp;
 temp = temp->next;
 }
 }

- qsort(*array, *array_length, sizeof(struct node_GC *), compare_node_asc);
+ qsort(*array, *array_length, sizeof(struct node_GC*), compare_node_asc);
 }

 void clear_hashmap_GC(struct hashmap_GC *t) {
diff --git a/src/runtime/objects/dictionary/dictionary.c b/src/runtime/objects/dictionary/dictionary.c
index 18d28f0..fc4f01d 100644
--- a/src/runtime/objects/dictionary/dictionary.c
+++ b/src/runtime/objects/dictionary/dictionary.c
@@ -54,8 +54,7 @@ ArgonObject *create_ARGON_DICTIONARY_TYPE___string__(size_t argc,
 memcpy(string + string_length, string_obj, length);
 string_length += length;
 for (size_t i = 0; i < keys_length; i++) {
- struct node_GC* node = keys[i];
- if (!node) { fprintf(stderr, "NULL node at %zu\n", i); continue; }
+ struct node_GC *node = keys[i];
 ArgonObject *key = node->key;
 ArgonObject *value = node->val;
diff --git a/tests/iteration-test.ar b/tests/iteration-test.ar
index 7a28707..6a8e49c 100644
--- a/tests/iteration-test.ar
+++ b/tests/iteration-test.ar
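Review bot: The grow-then-append sequence that this commit moves into the `while (temp)` loop is now written out twice (once per loop), which is exactly how the original overflow slipped in — the chain loop's capacity check sat outside the loop it was meant to guard, so one bucket with several chained nodes wrote past `array_size`. The fix itself is right: every store into `(*array)[(*array_length)++]` is now preceded by a check. Folding the check and the store into one `static` helper makes the invariant local and a repeat of the bug impossible; if `struct hashmap_GC` also records its total entry count (not visible here), a single exact-size `ar_alloc` would remove the realloc path entirely. The `sizeof(struct node_GC*)` spacing introduced on the `+` lines also drifts from the `struct node_GC *` style used in `compare_node_asc` above and the rest of this file.
```c
/* Append node to *array, doubling the backing store when it is full. */
static void push_node(struct node_GC ***array, size_t *len, size_t *cap,
                      struct node_GC *node) {
  if (*len >= *cap) {
    *cap *= 2;
    *array = ar_realloc(*array, *cap * sizeof(struct node_GC *));
  }
  (*array)[(*len)++] = node;
}

void hashmap_GC_to_array(struct hashmap_GC *t, struct node_GC ***array,
                         size_t *array_length) {
  size_t array_size = 8;
  *array_length = 0;
  *array = ar_alloc(array_size * sizeof(struct node_GC *));
  for (size_t i = 0; i < t->inline_count; i++)
    push_node(array, array_length, &array_size, &t->inline_values[i]);
  for (size_t i = 0; i < t->size; i++)
    for (struct node_GC *temp = t->list[i]; temp; temp = temp->next)
      push_node(array, array_length, &array_size, temp);
  /* … unchanged: qsort by order … */
}
```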
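Review bot: Dropping the `if (!node)` guard makes this loop rely on `keys[]` being densely populated by `hashmap_GC_to_array`; that now holds after the hashmap fix, but nothing here says so, and a future change to the producer would reintroduce a NULL dereference at `node->key` with no diagnostic where the old guard at least logged the index. A one-line comment on the new `struct node_GC *node = keys[i];` line, `// keys[] is fully populated by hashmap_GC_to_array; entries are never NULL`, records the contract the removed guard used to enforce. The enclosing function begins before this hunk, so the allocation of `string` and `keys` is not visible here.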
@@ -1,6 +1,3 @@
-#term.log(global)
-let i = 1e7
+let i = 0
 while (true) do
- term.log(global)
- #i=i-1
- #term.log(i)
\ No newline at end of file
+ string(global)
\ No newline at end of file
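Review bot: The rewritten test has no exit condition and no assertion, so it can only be judged by watching the process (crash versus run forever); a CI job cannot mark it pass or fail, and `let i = 0` is now assigned but never read. Bounding the loop and incrementing `i` — following the assignment form the removed `#i=i-1` line shows — would let a regression of the hashmap overflow fail in finite time, e.g. `let i = 0` / `while (i < 100000) do` / `string(global)` plus `i=i+1` inside the body, if the language's comparison syntax allows it (confirm). A one-line comment at the top naming what the loop is exercising (repeated `string(global)` stressing `hashmap_GC_to_array` growth) would also explain why the test exists.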