
2017-07-05

2017-07-05 08:04:14 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Runtime: Fixed dereference and/or free of uninitialized pointer.

The PIKE_FRAME_SAVE_LOCALS flag was unintentionally propagated
to the current frame by unlink_previous_frame(), and the
corresponding pointer is not cleared by alloc_pike_frame(), so
previously freed memory could be written to by e.g. F_SAVE_LOCALS,
and would be freed again by e.g. really_free_pike_frame().

Fixes testsuite failures.

Also adds some related paranoia regarding the flag.
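
The bug class the commit message describes, as an added reduced model (hypothetical names and struct layout, not Pike's own frame code): an ownership flag that travels with the frame must never be copied to a new frame without the pointer it guards, and a (re)allocated frame must start with both the flag and the pointer cleared, otherwise a reused frame can claim a bitmask that was already freed. The mask names mirror the ones introduced in the diff below; everything else is an assumption for illustration.

```c
#include <stdlib.h>

/* Reduced model of the bug class in the commit message (hypothetical names
 * and layout, not Pike's own frame code): FRAME_SAVE_LOCALS says "this frame
 * owns save_locals_bitmask", so the bit must never be copied between frames
 * without the pointer, and must be cleared whenever a frame is (re)allocated. */
#define FRAME_RETURN_INTERNAL 0x0001
#define FRAME_RETURN_POP      0x0002
#define FRAME_SAVE_LOCALS     0x4000
#define FRAME_MALLOCED_LOCALS 0x8000
#define FRAME_RETURN_MASK (FRAME_RETURN_INTERNAL | FRAME_RETURN_POP)
#define FRAME_LOCALS_MASK (FRAME_SAVE_LOCALS | FRAME_MALLOCED_LOCALS)

struct frame {
    unsigned flags;
    unsigned char *save_locals_bitmask; /* valid only while FRAME_SAVE_LOCALS is set */
    struct frame *next;                 /* free-list link */
};

static struct frame *free_list;

/* Allocate a frame, reusing a released one if possible. Stale contents of a
 * reused frame are exactly how a dangling bitmask pointer would survive. */
static struct frame *alloc_frame(void)
{
    struct frame *f = free_list;
    if (f) free_list = f->next; else f = malloc(sizeof *f);
    if (!f) return NULL;
    f->flags = 0;
    f->save_locals_bitmask = NULL; /* never inherit ownership from a dead frame */
    f->next = NULL;
    return f;
}

/* Drop the bitmask if, and only if, this frame owns one. Clearing the pointer
 * as well means a wrongly set flag later cannot reach freed memory. */
static void drop_bitmask(struct frame *f)
{
    if (f->flags & FRAME_SAVE_LOCALS) {
        free(f->save_locals_bitmask);
        f->save_locals_bitmask = NULL;
        f->flags &= ~FRAME_SAVE_LOCALS;
    }
}

static void release_frame(struct frame *f)
{
    drop_bitmask(f);
    f->next = free_list;
    free_list = f;
}

/* Simulated "save locals": allocate one bit per local and take ownership. */
static int save_locals(struct frame *f, size_t num_locals)
{
    size_t bytes = (num_locals + 7) / 8;
    drop_bitmask(f);
    f->save_locals_bitmask = calloc(bytes ? bytes : 1, 1);
    if (!f->save_locals_bitmask) return -1;
    f->flags |= FRAME_SAVE_LOCALS;
    return 0;
}

/* Flags a new frame may inherit when the previous frame is unlinked: the
 * return-style bits describe control flow and can carry over; the locals
 * bits describe storage owned by the previous frame and must not. */
static unsigned inherit_flags(unsigned prev_flags)
{
    return prev_flags & ~FRAME_LOCALS_MASK;
}

/* A frame is consistent when the ownership flag and the pointer agree. */
static int frame_consistent(const struct frame *f)
{
    return ((f->flags & FRAME_SAVE_LOCALS) != 0) == (f->save_locals_bitmask != NULL);
}

/* Scenario from the commit: frame A saves locals and is released, then a new
 * frame B is allocated (getting A's storage back) and inherits A's flags.
 * Returns 1 if B is consistent and never claims A's already freed bitmask. */
static int scenario_ok(void)
{
    struct frame *a = alloc_frame();
    struct frame *b;
    unsigned prev_flags;
    int ok;
    if (!a || save_locals(a, 40) != 0) return 0;
    prev_flags = a->flags | FRAME_RETURN_POP;
    release_frame(a);
    b = alloc_frame();
    if (!b) return 0;
    b->flags |= inherit_flags(prev_flags);
    ok = frame_consistent(b) && (b->flags & FRAME_RETURN_POP) != 0
         && (b->flags & FRAME_SAVE_LOCALS) == 0;
    release_frame(b); /* safe: B owns no bitmask, so nothing is freed twice */
    return ok;
}
```

Without the `& ~FRAME_LOCALS_MASK` in `inherit_flags()` or the pointer reset in `alloc_frame()`, B would carry FRAME_SAVE_LOCALS while `save_locals_bitmask` still pointed at A's freed allocation, and the next `drop_bitmask(b)` would free it a second time.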

148:   #define PIKE_FRAME_SAVE_LOCALS 0x4000 /* save_locals_bitmask is set */   #define PIKE_FRAME_MALLOCED_LOCALS 0x8000    + #define PIKE_FRAME_RETURN_MASK (PIKE_FRAME_RETURN_INTERNAL|PIKE_FRAME_RETURN_POP) + #define PIKE_FRAME_LOCALS_MASK (PIKE_FRAME_SAVE_LOCALS|PIKE_FRAME_MALLOCED_LOCALS) +    struct external_variable_context   {    struct object *o;
612:    } \    } \    } \ -  _fp_->flags &= ~PIKE_FRAME_SAVE_LOCALS; \ -  free(_fp_->save_locals_bitmask); \ +  if(_fp_->flags & PIKE_FRAME_SAVE_LOCALS) { \ +  _fp_->flags &= ~PIKE_FRAME_SAVE_LOCALS; \ +  free(_fp_->save_locals_bitmask); \ +  } \    _fp_->num_locals = num_new_locals; \    _fp_->locals=s; \    _fp_->flags|=PIKE_FRAME_MALLOCED_LOCALS; \
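Review bot: in the hunk at line 148, PIKE_FRAME_RETURN_MASK and PIKE_FRAME_LOCALS_MASK are defined but neither is referenced anywhere in the diff shown on this page; the commit message locates the fix in unlink_previous_frame() (stop propagating PIKE_FRAME_SAVE_LOCALS) and alloc_pike_frame() (the pointer "is not cleared"), yet neither function appears in these hunks, so a reader cannot confirm from this page that PIKE_FRAME_LOCALS_MASK is actually applied at the propagation site. Add a short comment on each mask stating its intended use, e.g. `/* flags that must not survive unlink_previous_frame() */` next to PIKE_FRAME_LOCALS_MASK, so the invariant the masks encode is visible where they are defined.

Review bot: in the hunk at line 612, `free(_fp_->save_locals_bitmask);` leaves the pointer dangling after the flag is cleared; since this commit exists because a stale flag/pointer pair led to a write into freed memory and a second free, null the pointer in the same branch, i.e. `_fp_->save_locals_bitmask = NULL;` after the `free()`, so that any later code that sets PIKE_FRAME_SAVE_LOCALS without reallocating cannot reach the freed block. Guarding the free on the flag is the right direction; clearing the pointer makes the pair consistent in both directions.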