mirror of https://github.com/janet-lang/janet synced 2025-01-27 23:54:45 +00:00

Fix peg bug with arguments.

By holding on to a reference to argv for a long time, we
may trigger a use-after-free bug if the stack is resized. In
a Janet C function, argv is only valid up until the next stack operation
on the fiber. We could say that this is the dynamic lifetime of
argv.

To fix this, we copy extra arguments into a tuple, which is properly
garbage collected.
Calvin Rose 2019-04-07 15:14:54 -04:00
parent fa1c5c85b5
commit ed65d04b81


@ -1033,7 +1033,7 @@ static Janet cfun_peg_match(int32_t argc, Janet *argv) {
if (argc > 2) { if (argc > 2) {
start = janet_gethalfrange(argv, 2, bytes.len, "offset"); start = janet_gethalfrange(argv, 2, bytes.len, "offset");
s.extrac = argc - 3; s.extrac = argc - 3;
s.extrav = argv + 3; s.extrav = janet_tuple_n(argv + 3, argc - 3);
} else { } else {
start = 0; start = 0;
s.extrac = 0; s.extrac = 0;
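Review bot: The new `s.extrav = janet_tuple_n(argv + 3, argc - 3);` line carries no comment, so it reads like a redundant allocation and a later cleanup could revert it to the dangling `argv + 3` pointer. A one-line comment such as `/* argv is only valid until the next fiber stack operation; copy the extras into a GC-managed tuple */` would keep the lifetime rule next to the code it protects. As far as this hunk shows, the new tuple is referenced only through `s`, so it is worth confirming that nothing run during the match can trigger a collection while the tuple is unrooted. cfun_peg_match begins before and continues past this hunk, so the rest of its use of `s.extrav` is not visible here.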