mirrors/janet
1
0
Fork 0
mirror of https://github.com/janet-lang/janet synced 2025-11-19 08:45:11 +00:00
Code Issues 1 Releases Wiki Activity

Fix memory leak and use after free

Browse Source 
Use after free was caused by missing janet_gcroot call when
setting up thread.
This commit is contained in:
Calvin Rose
2021-08-19 21:51:53 -05:00
parent cc066dd6a1
commit c8827424e7
3 changed files with 19 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/core/marsh.c
View File

@@ -1143,17 +1143,16 @@ static const uint8_t *unmarshal_one_abstract(UnmarshalState *st, const uint8_t *
Janet key;
data = unmarshal_one(st, data, &key, flags + 1);
const JanetAbstractType *at = janet_get_abstract_type(key);
if (at == NULL) goto oops;
if (at == NULL) janet_panic("unknown abstract type");
if (at->unmarshal) {
JanetMarshalContext context = {NULL, st, flags, data, at};
*out = janet_wrap_abstract(at->unmarshal(&context));
if (context.at != NULL) {
janet_panicf("janet_unmarshal_abstract not called");
janet_panic("janet_unmarshal_abstract not called");
}
return context.data;
}
oops:
janet_panic("invalid abstract type");
janet_panic("invalid abstract type - no unmarshal function pointer");
}
static const uint8_t *unmarshal_one(