Commit 7ef2ae0

Steal the ownership of the string in action_if_variable to avoid use-after-free issues
1 parent b4d0179 commit 7ef2ae0

1 file changed

+4
-5
lines changed

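--- a/src/vm_builtins.c
+++ b/src/vm_builtins.c
@@ -4375,11 +4375,10 @@ static RValue builtinActionIfVariable(VMContext* ctx, MAYBE_UNUSED RValue* args,
 }
 }
 
-if (check) {
-return args[1];
-} else {
-return args[2];
-}
+int32_t idx = check ? 1 : 2;
+RValue result = args[idx];
+args[idx].ownsString = false; // Steal ownership to avoid double-free in handleCall
+return result;
 }
 
 STUB_RETURN_UNDEFINED(action_sound)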
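Review bot: The comment on the `args[idx].ownsString = false;` line under-documents the move it performs, and it names a double-free while the commit title names a use-after-free, so a reader cannot tell which lifetime rule is being relied on. I would spell out both sides of the transfer, e.g. `// Move, not copy: result keeps the pointer and its ownsString flag; clearing the flag on args[idx] stops handleCall from freeing a string the caller now holds`. The index is always 1 or 2, so the function needs at least three arguments; the body starts outside the hunk, so the argument-count check is not visible here and should be confirmed to run before `args[idx]` is read. If other builtins return an element of `args` directly they presumably share the same lifetime problem, which would argue for one shared helper rather than repeating these three lines.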
