mirror of
https://github.com/janet-lang/janet
synced 2025-01-27 23:54:45 +00:00
Fix peg bug with arguments.
By holding on a reference to argv for a long time, we may trigger a use after free bug if the stack is resized. In janet c function, argv is only vvalid up until the next stack operation on the fiber. We could say that this is the dynamic lifetime of argv. To fix this, we copy extra arguments into a tuple, which is properly garbage collected.
This commit is contained in:
parent
fa1c5c85b5
commit
ed65d04b81
@ -1033,7 +1033,7 @@ static Janet cfun_peg_match(int32_t argc, Janet *argv) {
|
|||||||
if (argc > 2) {
|
if (argc > 2) {
|
||||||
start = janet_gethalfrange(argv, 2, bytes.len, "offset");
|
start = janet_gethalfrange(argv, 2, bytes.len, "offset");
|
||||||
s.extrac = argc - 3;
|
s.extrac = argc - 3;
|
||||||
s.extrav = argv + 3;
|
s.extrav = janet_tuple_n(argv + 3, argc - 3);
|
||||||
} else {
|
} else {
|
||||||
start = 0;
|
start = 0;
|
||||||
s.extrac = 0;
|
s.extrac = 0;
|
||||||
|
Loading…
Reference in New Issue
Block a user