[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: double free error in gawk
|
From: |
Andrew J. Schorr |
|
Subject: |
Re: double free error in gawk |
|
Date: |
Thu, 2 Jul 2020 14:17:24 -0400 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hi,
On Thu, Jul 02, 2020 at 12:02:49PM -0600, arnold@skeeve.com wrote:
> Turns out there was indeed a bug in gawk; the double free error was
> a real one.
>
> Here's the fix. Thanks for the report.
>
> Andy, thanks for the debugging patch.
Thanks for finding and fixing it. I had concluded that the problem was in
fields.c, but I hadn't yet found the time to nail it down.
> @@ -230,6 +230,7 @@ rebuild_record()
> }
>
> n->stptr = cops;
> + n->flags &= ~(MPFN|MPZN);
> unref(r);
> fields_arr[i] = n;
> assert((n->flags & WSTRCUR) == 0);
>
This does make one wonder: that code simply copies n->flags from r->flags,
and now it's turning off MPFN and MPZN. Is it clear that the other
flags are correct? Should we perhaps simply set n->flags explicitly
instead of copying it from the previous field? Is it supposed
to be (STRING|STRCUR|USER_INPUT)?
Regards,
Andy