diff options
| author | Jo-Philipp Wich <jo@mein.io> | 2021-03-25 14:37:58 +0100 |
|---|---|---|
| committer | Jo-Philipp Wich <jo@mein.io> | 2021-03-25 14:40:24 +0100 |
| commit | 9a6ef2bf3f9d0cabe39a05c72f70fc1799258c0f (patch) | |
| tree | 20e454fc34f4ec5a14bc8b22f9a3e4db7cf2f063 /lib.c | |
| parent | 03f132427bffa96099611897c7c8ade279639874 (diff) | |
lib: prevent use-after-free after uc_shift()
Make sure to increase the refcount of items being moved since the
subsequent put operation will decrease it, prematurely freeing
moved items which will lead to use-after-free errors later on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'lib.c')
| -rw-r--r-- | lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -470,7 +470,7 @@ uc_shift(uc_vm *vm, size_t nargs) for (arridx = 0; arridx < arrlen - 1; arridx++) json_object_array_put_idx(arr, arridx, - json_object_array_get_idx(arr, arridx + 1)); + uc_value_get(json_object_array_get_idx(arr, arridx + 1))); json_object_array_del_idx(arr, arrlen - 1, 1); #ifdef HAVE_ARRAY_SHRINK |