Commit 6eae16af50accfb4934bf735dd9edc8ea9de9952
2023-09-25T16:13:06
fix use after free
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
diff --git a/libc3/env.c b/libc3/env.c
index c11e962..174dcb4 100644
--- a/libc3/env.c
+++ b/libc3/env.c
@@ -158,7 +158,6 @@ bool env_eval_array_cast (s_env *env, s_array *array, const s_tag *tag,
data_eval = tag_to_pointer(&tag_eval, tag_type);
memcpy(data, data_eval, size);
call_clean(&call);
- tag_clean(&tag_eval);
return true;
}
diff --git a/libc3/integer.c b/libc3/integer.c
index 593d49e..9f45e4a 100644
--- a/libc3/integer.c
+++ b/libc3/integer.c
@@ -127,7 +127,7 @@ s_integer * integer_cast (const s_tag *tag, s_integer *dest)
case TAG_IDENT:
goto ko;
case TAG_INTEGER:
- return integer_init_copy(dest, &tag->data.integer);
+ return integer_copy(&tag->data.integer, dest);
case TAG_SW:
return integer_init_sw(dest, tag->data.sw);
case TAG_S64:
diff --git a/test/ic3/array.out.expected b/test/ic3/array.out.expected
index a402c89..068e559 100644
--- a/test/ic3/array.out.expected
+++ b/test/ic3/array.out.expected
@@ -89,3 +89,7 @@ d[1][1][1][1]
256
257
258
+(Integer) {1000000000000000000000000000000001, 2000000000000000000000000000000002}
+(Integer) {1000000000000000000000000000000001, 2000000000000000000000000000000002}
+1000000000000000000000000000000001
+2000000000000000000000000000000002