Else, range_expr_value_high() will see a 0 length when doing: mpz_init_bitmask(tmp, expr->len - expr->prefix_len); This wasn't a problem so far because prefix expressions generated from "string*" were never passed down to the prefix->range conversion functions. Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 src/evaluate.c | 1 + src/expression.c | 1 + 2 files changed, 2 insertions(+)
diff --git a/src/evaluate.c b/src/evaluate.c
index d5ae071add1f..a20cc396b33f 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -347,6 +347,7 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp)
 datatype_set(prefix, ctx->ectx.dtype);
 prefix->flags |= EXPR_F_CONSTANT;
 prefix->byteorder = BYTEORDER_HOST_ENDIAN;
+ prefix->len = expr->len;
 expr_free(expr);
 *exprp = prefix;
diff --git a/src/expression.c b/src/expression.c
index 9c9a7ced9121..deb649e1847b 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -1465,6 +1465,7 @@ void range_expr_value_high(mpz_t rop, const struct expr *expr)
 return mpz_set(rop, expr->value);
 case EXPR_PREFIX:
 range_expr_value_low(rop, expr->prefix);
+ assert(expr->len >= expr->prefix_len);
 mpz_init_bitmask(tmp, expr->len - expr->prefix_len);
 mpz_add(rop, rop, tmp);
 mpz_clear(tmp);
-- 2.35.1
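Review bot: The new `prefix->len = expr->len;` in expr_evaluate_string() carries no comment explaining why a prefix expression must inherit the length of the string expression it replaces, and the invariant it serves is only checked in src/expression.c. A one-line comment above it, such as `/* range_expr_value_high() computes len - prefix_len, so len must not stay 0 */`, would keep the two files connected for the next reader. The function starts and ends outside this hunk, so how prefix_len is derived relative to expr->len is not visible here and is worth confirming against the new assertion.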
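Review bot: The added `assert(expr->len >= expr->prefix_len);` in the EXPR_PREFIX case of range_expr_value_high() is the only guard on the subtraction in the following line, and it compiles away in any build that defines NDEBUG. If len and prefix_len are unsigned (their declarations are outside the hunk), a smaller len would wrap and mpz_init_bitmask() would be asked for a mask of nearly the full integer width, with the size ultimately driven by the rule text that was parsed. Because the function returns void, consider a check that survives release builds, for example `if (expr->len < expr->prefix_len) abort();`, or at least a comment on the assert naming the wraparound it prevents. The switch and the function body continue outside the hunk.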