From 2b06086473b466fe989ce8629f941b9539ba1095 Mon Sep 17 00:00:00 2001
From: Thomas Voss <mail@thomasvoss.com>
Date: Tue, 9 Jul 2024 22:18:07 +0200
Subject: Patch use-after-free

---
 src/parser.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/parser.c b/src/parser.c
index 3fdde5e..defe47d 100644
--- a/src/parser.c
+++ b/src/parser.c
@@ -269,7 +269,7 @@ parseexpratom(ast_t *ast, lexemes_t toks)
 		return i;
 	}
 
-	idx_t i = astalloc(ast);
+	idx_t i = astalloc(ast), rhs;
 
 	ast->lexemes[i] = toksidx;
 
@@ -287,15 +287,18 @@ parseexpratom(ast_t *ast, lexemes_t toks)
 		   just ignoring it in parsing though, because we need to
 		   disallow the statements ‘x := 0; +x = 1;’ */
 		ast->kinds[i] = ASTUNPLUS;
-		ast->kids[i].rhs = parseexpratom(ast, toks);
+		rhs = parseexpratom(ast, toks);
+		ast->kids[i].rhs = rhs;
 		break;
 	case LEXMINUS:
 		ast->kinds[i] = ASTUNNEG;
-		ast->kids[i].rhs = parseexpratom(ast, toks);
+		rhs = parseexpratom(ast, toks);
+		ast->kids[i].rhs = rhs;
 		break;
 	case LEXTILDE:
 		ast->kinds[i] = ASTUNCMPL;
-		ast->kids[i].rhs = parseexpratom(ast, toks);
+		rhs = parseexpratom(ast, toks);
+		ast->kids[i].rhs = rhs;
 		break;
 	default:
 		err("parser: Invalid expression leaf");
-- 
cgit v1.2.3