Expr: add missing reference in AssignExpr::InitVal()

The one reference returned by `op2->InitVal()` is given to `aggr_r->Assign()` and returned to the caller, which may result in a use-after-free crash bug. This patch adds the missing reference. Closes https://github.com/zeek/zeek/issues/805
2025-10-05 08:08:19 +00:00 · 2020-02-20 09:27:06 +01:00 · 2020-02-20 09:27:06 +01:00 · 35d97a24f0
commit 35d97a24f0
parent a20dd12117
1 changed files with 1 additions and 0 deletions
--- a/src/Expr.cc
+++ b/src/Expr.cc
@ -2459,6 +2459,7 @@ Val* AssignExpr::InitVal(const BroType* t, Val* aggr) const
 		if ( ! v )
 			return 0;

+		::Ref(v);
 		aggr_r->Assign(field, v);
 		return v;
 		}