diff options
| author | Nicolas Williams <nico@cryptonector.com> | 2021-10-21 00:10:47 -0500 |
|---|---|---|
| committer | Nicolas Williams <nico@cryptonector.com> | 2021-10-24 16:23:26 -0500 |
| commit | 582717a7b4af6ce0e231b9aee090107235ef2d0f (patch) | |
| tree | b6b5b56c5aab6918c6e19c9154800ffad7edd2b8 | |
| parent | 07dc653ae151a8320646a1c955839fb88d4a5546 (diff) | |
| download | jq-582717a7b4af6ce0e231b9aee090107235ef2d0f.tar.gz | |
Fix crash in LOADVN when stack grows
This `stack_push()` call in LOADVN invalidates `var`:
jv* var = frame_local_var(jq, v, level);
jv_free(stack_popn(jq));
------>stack_push(jq, *var);
*var = jv_null();
^^^^^^
We have to re-compute `var`:
jv* var = frame_local_var(jq, v, level);
jv_free(stack_popn(jq));
stack_push(jq, *var);
------>var = frame_local_var(jq, v, level);
*var = jv_null();
| -rw-r--r-- | src/execute.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/execute.c b/src/execute.c index fd2ab2c..d840582 100644 --- a/src/execute.c +++ b/src/execute.c @@ -561,7 +561,11 @@ jv jq_next(jq_state *jq) { printf(" (%d)\n", jv_get_refcnt(*var)); } jv_free(stack_popn(jq)); + + // This `stack_push()` invalidates the `var` reference, so stack_push(jq, *var); + // we have to re-resolve `var` before we can set it to null + var = frame_local_var(jq, v, level); *var = jv_null(); break; } |