mirror of
https://github.com/zeek/zeek.git
synced 2025-10-13 12:08:20 +00:00
Type: fix double free bug in SetType::ShallowClone()
The type declaration `addr_set` happens to result in a `SetType` with `elements`, but no `indices`, and so ShallowClone() does not increment any reference counter. However, the `SetType` constructor passed ownership of a non-existing reference to `TableType`, resulting in a double free bug (and Zeek crash). At first, I tried to fix this by obeying the code comment in SetType::ShallowClone() and pass `indices=nullptr`, but that led to a crash inside IndexType::IsSubNetIndex(). So this patch attempts to make the symptom go away by pretending the code comment is simply wrong, and only corrects the reference counters.
This commit is contained in:
Max Kellermann
parent
84e3e6c619
commit
ae2bd7928c
1 changed files with 3 additions and 5 deletions
|
|
@ -438,13 +438,11 @@ SetType::SetType(TypeList* ind, ListExpr* arg_elements) : TableType(ind, 0)
|
||||||
|
|
||||||
SetType* SetType::ShallowClone()
|
SetType* SetType::ShallowClone()
|
||||||
{
|
{
|
||||||
// constructor only consumes indices when elements
|
if ( elements )
|
||||||
// is set
|
|
||||||
if ( elements && indices )
|
|
||||||
{
|
|
||||||
elements->Ref();
|
elements->Ref();
|
||||||
|
|
||||||
|
if ( indices )
|
||||||
indices->Ref();
|
indices->Ref();
|
||||||
}
|
|
||||||
|
|
||||||
return new SetType(indices, elements);
|
return new SetType(indices, elements);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue