diff options
| author | Mike Pall <mike> | 2023-10-21 13:11:50 +0200 |
|---|---|---|
| committer | Mike Pall <mike> | 2023-10-21 13:11:50 +0200 |
| commit | db944b2b56c86fcf133745976763604d96110285 (patch) | |
| tree | ba8ab9c884d91ad38572192babdf7f9542a1ecf2 | |
| parent | f72c19e482b6f918b7cf42b0436e2b117d160a29 (diff) | |
| download | luajit-db944b2b56c86fcf133745976763604d96110285.tar.gz luajit-db944b2b56c86fcf133745976763604d96110285.tar.bz2 luajit-db944b2b56c86fcf133745976763604d96110285.zip | |
FFI: Fix dangling reference to CType in carith_checkarg().
Reported by Sergey Kaplun. #1108
| -rw-r--r-- | src/lj_carith.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lj_carith.c b/src/lj_carith.c index 96384e87..bad5fe66 100644 --- a/src/lj_carith.c +++ b/src/lj_carith.c | |||
| @@ -42,9 +42,13 @@ static int carith_checkarg(lua_State *L, CTState *cts, CDArith *ca) | |||
| 42 | p = (uint8_t *)cdata_getptr(p, ct->size); | 42 | p = (uint8_t *)cdata_getptr(p, ct->size); |
| 43 | if (ctype_isref(ct->info)) ct = ctype_rawchild(cts, ct); | 43 | if (ctype_isref(ct->info)) ct = ctype_rawchild(cts, ct); |
| 44 | } else if (ctype_isfunc(ct->info)) { | 44 | } else if (ctype_isfunc(ct->info)) { |
| 45 | CTypeID id0 = i ? ctype_typeid(cts, ca->ct[0]) : 0; | ||
| 45 | p = (uint8_t *)*(void **)p; | 46 | p = (uint8_t *)*(void **)p; |
| 46 | ct = ctype_get(cts, | 47 | ct = ctype_get(cts, |
| 47 | lj_ctype_intern(cts, CTINFO(CT_PTR, CTALIGN_PTR|id), CTSIZE_PTR)); | 48 | lj_ctype_intern(cts, CTINFO(CT_PTR, CTALIGN_PTR|id), CTSIZE_PTR)); |
| 49 | if (i) { /* cts->tab may have been reallocated. */ | ||
| 50 | ca->ct[0] = ctype_get(cts, id0); | ||
| 51 | } | ||
| 48 | } | 52 | } |
| 49 | if (ctype_isenum(ct->info)) ct = ctype_child(cts, ct); | 53 | if (ctype_isenum(ct->info)) ct = ctype_child(cts, ct); |
| 50 | ca->ct[i] = ct; | 54 | ca->ct[i] = ct; |