From d31934ac7738cddf9ba8b9415427fa6a7a1ee7e5 Mon Sep 17 00:00:00 2001 From: Max Brunsfeld Date: Mon, 5 Sep 2016 21:41:33 -0700 Subject: [PATCH] Avoid potential use after free in stack__iter --- src/runtime/stack.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/runtime/stack.c b/src/runtime/stack.c index 65b5a600..8e74cd04 100644 --- a/src/runtime/stack.c +++ b/src/runtime/stack.c @@ -204,6 +204,7 @@ INLINE StackPopResult stack__iter(Stack *self, StackVersion version, array_clear(&self->iterators); StackHead *head = array_get(&self->heads, version); + unsigned push_count = head->push_count; Iterator iterator = { .node = head->node, .trees = array_new(), @@ -233,7 +234,7 @@ INLINE StackPopResult stack__iter(Stack *self, StackVersion version, if (!ts_tree_array_copy(trees, &trees)) goto error; array_reverse(&trees); - if (!ts_stack__add_slice(self, node, &trees, head->push_count + iterator->push_count)) + if (!ts_stack__add_slice(self, node, &trees, push_count + iterator->push_count)) goto error; }