mirror of
https://github.com/neovim/neovim.git
synced 2025-02-25 18:55:25 -06:00
channel.c: Fix for heap-use-after-free
ASAN detected this heap-use-after-free. A job started by channel_from_job() could terminate and result in a call to free_channel(), while channel_send_call() was still active/pending and accessing Channel elements. Original patch by @tarruda.
parent
e2e63832e3
commit
eae3105ee3
@ -348,7 +348,13 @@ static void job_err(RStream *rstream, void *data, bool eof)
|
|||||||
|
|
||||||
static void job_exit(Job *job, void *data)
|
static void job_exit(Job *job, void *data)
|
||||||
{
|
{
|
||||||
free_channel((Channel *)data);
|
Channel *channel = data;
|
||||||
|
// ensure the channel is flagged as closed so channel_send_call frees it
|
||||||
|
// later
|
||||||
|
channel->closed = true;
|
||||||
|
if (!kv_size(channel->call_stack)) {
|
||||||
|
free_channel(channel);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void parse_msgpack(RStream *rstream, void *data, bool eof)
|
static void parse_msgpack(RStream *rstream, void *data, bool eof)
|
||||||
|
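Review bot: The deferred path in job_exit leaves a closed channel allocated with no visible guarantee about who frees it. When `kv_size(channel->call_stack)` is non-zero the function only sets `channel->closed = true`, and the matching free in channel_send_call lies outside this hunk. That counterpart should free only once the call stack has fully unwound (the outermost frame), otherwise a nested call could bring back the same heap-use-after-free. Any other path that can still reach the channel between exit and the deferred free should presumably test `closed` before touching it; neither can be confirmed from the lines shown. I would replace the two-line comment with the ownership rule itself, e.g. `// closed && call_stack empty => free; exactly one of job_exit / channel_send_call does it`, and consider a small shared helper so both sites apply the same condition.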