From 28498f752bcbedf113bc46f555fa611a6fb0633b Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Wed, 18 Oct 2017 15:57:40 -0700 Subject: [PATCH] Fix use-after-free in Trigger.cc timeout_val is used _right_ after it is Unref'd. --- src/Trigger.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Trigger.cc b/src/Trigger.cc index 772a991791..3867c607fd 100644 --- a/src/Trigger.cc +++ b/src/Trigger.cc @@ -136,12 +136,12 @@ Trigger::Trigger(Expr* arg_cond, Stmt* arg_body, Stmt* arg_timeout_stmts, if ( timeout_val ) { - Unref(timeout_val); timeout_value = timeout_val->AsInterval(); + Unref(timeout_val); } // Make sure we don't get deleted if somebody calls a method like - // Timeout() while evaluating the trigger. + // Timeout() while evaluating the trigger. Ref(this); if ( ! Eval() && timeout_value >= 0 )