From b411f943a081b7c7fde0548f8c7ee5e93c0638a9 Mon Sep 17 00:00:00 2001 From: ailin-nemui Date: Fri, 12 Aug 2016 18:24:58 +0200 Subject: [PATCH] fix use after free in expando error --- src/perl/common/Expando.xs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/perl/common/Expando.xs b/src/perl/common/Expando.xs index e8e8f751..bb5d185b 100644 --- a/src/perl/common/Expando.xs +++ b/src/perl/common/Expando.xs @@ -74,15 +74,18 @@ static char *perl_expando_event(PerlExpando *rec, SERVER_REC *server, ret = NULL; if (SvTRUE(ERRSV)) { + PERL_SCRIPT_REC *script = rec->script; + (void) POPs; /* call putback before emitting script error signal as that * could manipulate the perl stack. */ PUTBACK; /* make sure we don't get back here */ - if (rec->script != NULL) - script_unregister_expandos(rec->script); + if (script != NULL) + script_unregister_expandos(script); + /* rec has been freed now */ - signal_emit("script error", 2, rec->script, SvPV_nolen(ERRSV)); + signal_emit("script error", 2, script, SvPV_nolen(ERRSV)); } else if (retcount > 0) { ret = g_strdup(POPp); *free_ret = TRUE;