mirrors/janet
1
0
Fork 0
mirror of https://github.com/janet-lang/janet synced 2025-10-29 06:37:41 +00:00
Code Issues 1 Releases Wiki Activity

Fix peg bug with arguments.

Browse Source 
By holding on a reference to argv for a long time, we
may trigger a use after free bug if the stack is resized. In
janet c function, argv is only vvalid up until the next stack operation
on the fiber. We could say that this is the dynamic lifetime of
argv.

To fix this, we copy extra arguments into a tuple, which is properly
garbage collected.
This commit is contained in:
Calvin Rose
2019-04-07 15:14:54 -04:00
parent fa1c5c85b5
commit ed65d04b81
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/core/peg.c
View File

@@ -1033,7 +1033,7 @@ static Janet cfun_peg_match(int32_t argc, Janet *argv) {
if (argc > 2) {
start = janet_gethalfrange(argv, 2, bytes.len, "offset");
s.extrac = argc - 3;
s.extrav = argv + 3;
s.extrav = janet_tuple_n(argv + 3, argc - 3);
} else {
start = 0;
s.extrac = 0;