Branch: Tag:

2017-10-15

2017-10-15 11:29:37 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Mappings: Use sub_ref() when we know that we have extra refs.

Fixes [CID 742747] and [CID 742750].

930:    struct keypair *k, **prev;    struct mapping_data *md, *omd;    int grow_md; +  int refs;      #ifdef PIKE_DEBUG    if(m->data->refs <=0)
991: Inside #if defined(PIKE_DEBUG)
   Pike_fatal("Wrong dataset in mapping_insert!\n");    if(d_flag>1) check_mapping(m);   #endif -  free_mapping_data(md); +  /* NB: We know that md has a reference from the mapping +  * in addition to our reference. +  * +  * The use of sub_ref() silences warnings from Coverity, as well as +  * on the off chance of a reference counting error avoids accessing +  * freed memory. +  */ +  refs = sub_ref(md); /* free_mapping_data(md); */ +  assert(refs);       grow_md = MD_FULLP(md);   
1048:    struct keypair *k, **prev;    struct mapping_data *md,*omd;    int grow_md; +  int refs;      #ifdef PIKE_DEBUG    if(m->data->refs <=0)
1110: Inside #if defined(PIKE_DEBUG)
   if(d_flag)    check_mapping(m);   #endif -  free_mapping_data(md); +  /* NB: We know that md has a reference from the mapping +  * in addition to our reference. +  * +  * The use of sub_ref() silences warnings from Coverity, as well as +  * on the off chance of a reference counting error avoids accessing +  * freed memory. +  */ +  refs = sub_ref(md); /* free_mapping_data(md); */ +  assert(refs);       if(t != T_INT) return 0;