From 2b06086473b466fe989ce8629f941b9539ba1095 Mon Sep 17 00:00:00 2001
From: Thomas Voss
Date: Tue, 9 Jul 2024 22:18:07 +0200
Subject: Patch use-after-free
---
 BUGS | 10 +---------
 src/parser.c | 11 +++++++----
 2 files changed, 8 insertions(+), 13 deletions(-)
diff --git a/BUGS b/BUGS
index c8bf8b6..857427b 100644
--- a/BUGS
+++ b/BUGS
@@ -23,15 +23,7 @@
 foo :: () { return foo(); } /* breaks */
-3. The following example function has a use-after-free for a yet
- undiagnosed reason:
-
- iota :: () int {
- x: int = -1;
- return x;
- }
-
-4. Variable shadowing breaks when you create a local variable with the
+3. Variable shadowing breaks when you create a local variable with the
 same name as the parent function, failing with a circular-dependency:
 foo :: () { foo := 5; }
diff --git a/src/parser.c b/src/parser.c
index 3fdde5e..defe47d 100644
--- a/src/parser.c
+++ b/src/parser.c
@@ -269,7 +269,7 @@ parseexpratom(ast_t *ast, lexemes_t toks)
 return i;
 }
- idx_t i = astalloc(ast);
+ idx_t i = astalloc(ast), rhs;
 ast->lexemes[i] = toksidx;
@@ -287,15 +287,18 @@ parseexpratom(ast_t *ast, lexemes_t toks)
 just ignoring it in parsing though, because we need to disallow the statements ‘x := 0; +x = 1;’ */
 ast->kinds[i] = ASTUNPLUS;
- ast->kids[i].rhs = parseexpratom(ast, toks);
+ rhs = parseexpratom(ast, toks);
+ ast->kids[i].rhs = rhs;
 break;
 case LEXMINUS:
 ast->kinds[i] = ASTUNNEG;
- ast->kids[i].rhs = parseexpratom(ast, toks);
+ rhs = parseexpratom(ast, toks);
+ ast->kids[i].rhs = rhs;
 break;
 case LEXTILDE:
 ast->kinds[i] = ASTUNCMPL;
- ast->kids[i].rhs = parseexpratom(ast, toks);
+ rhs = parseexpratom(ast, toks);
+ ast->kids[i].rhs = rhs;
 break;
 default:
 err("parser: Invalid expression leaf");
--
cgit v1.2.3
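Review bot: The `rhs` temporary added in the LEXPLUS, LEXMINUS and LEXTILDE cases of parseexpratom() has no comment explaining why it exists, so it reads as redundant and a later tidy-up could fold it back into `ast->kids[i].rhs = parseexpratom(ast, toks);`. Presumably the recursive call can reach astalloc() and reallocate the `ast->kids` array (astalloc's body is not part of this patch), and C does not guarantee that the left-hand `ast->kids[i]` is evaluated after the call returns. I would add above the first of the three assignments: `/* parseexpratom() may grow the AST and move ast->kids; finish the call before indexing */`. Any other assignment of the form `ast->kids[...] = parse...(ast, toks)` elsewhere in src/parser.c has the same ordering hazard and is worth checking under AddressSanitizer; none is visible in these hunks, and the function body starts and ends outside them.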