OSO/TinyCC
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix access-after-free with statement expressions

Browse Source 
The return value of statement expressions might refer to local
symbols, so those can't be popped.  The old error message always
was just a band-aid, and since disabling it for pointer types it
wasn't effective anyway.  It also never considered that also the
vtop->sym member might have referred to such symbols (see the
testcase with the local static, that used to segfault).

For fixing this (can be seen better with valgrind and SYM_DEBUG)
simply leave local symbols of stmt exprs on the stack.
This commit is contained in:
Michael Matz
2016-08-15 05:09:31 +02:00
parent d0d25ec7df
commit be6d8ffc10
4 changed files with 76 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libtcc.c
View File

@ -677,8 +677,8 @@ static int tcc_compile(TCCState *s1)
s1->error_set_jmp_enabled = 0;
free_inline_functions(s1);
sym_pop(&global_stack, NULL);
sym_pop(&local_stack, NULL);
sym_pop(&global_stack, NULL, 0);
sym_pop(&local_stack, NULL, 0);
return s1->nb_errors != 0 ? -1 : 0;
}