array.c

    83ac4caa
    Array: array_search() may not change needle's type · 83ac4caa
    Tobias S. Josefowitz authored
    If the needle supplied to array_search() was a destructed object,
    array_search() would convert it to (PIKE_T_INT,NUMBER_DESTRUCTED)-type 0
    in-place.
    
    Since array_search() is sometimes called with the needle residing in
    another array - for example when ORing arrays - this would introduce
    PIKE_T_INT items into such arrays without reflecting this in said
    array's type_field.
    
    If the type_field would then later on (still) only have BIT_OBJECT set,
    we would call free_object() on the thus introduced PIKE_T_INT when
    freeing array items, leading straight to a segmentation fault.
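
The failure mode the commit message describes, as an added example on a simplified model (not Pike's code and not the commit's diff). The struct layout, the `destructed` flag and the helpers `search_inplace`, `search_copy`, `bogus_object_frees` and `demo` are hypothetical; normalising a private copy of the needle is one way to keep the caller's value unchanged and is an assumption about the fix, which this page does not show.

```c
#include <stddef.h>
/* Toy model (constructed): names echo the commit message, layout is not Pike's. */
enum { T_INT = 0, T_OBJECT = 1 };
#define BIT_INT    (1u << T_INT)
#define BIT_OBJECT (1u << T_OBJECT)
struct object { int destructed; };
struct svalue { int type; union { long integer; struct object *object; } u; };
struct array  { unsigned type_field; size_t size; struct svalue item[2]; };

static long find(const struct array *hay, const struct svalue *n) {
    for (size_t i = 0; i < hay->size; i++) {
        const struct svalue *s = &hay->item[i];
        if (s->type != n->type) continue;
        if (s->type == T_INT ? s->u.integer == n->u.integer
                             : s->u.object == n->u.object) return (long)i;
    }
    return -1;
}
/* A destructed object is searched for as integer 0. */
static void zero_if_destructed(struct svalue *s) {
    if (s->type == T_OBJECT && s->u.object->destructed)
        *s = (struct svalue){ T_INT, { .integer = 0 } };
}
/* Flawed: rewrites the caller's svalue, which may live inside another array. */
static long search_inplace(const struct array *hay, struct svalue *needle) {
    zero_if_destructed(needle);
    return find(hay, needle);
}
/* Hardened: normalise a private copy, leave the caller's storage untouched. */
static long search_copy(const struct array *hay, const struct svalue *needle) {
    struct svalue tmp = *needle;
    zero_if_destructed(&tmp);
    return find(hay, &tmp);
}
/* Items an "objects only" free path would pass to free_object() wrongly. */
static int bogus_object_frees(const struct array *a) {
    int n = 0;
    for (size_t i = 0; a->type_field == BIT_OBJECT && i < a->size; i++)
        n += (a->item[i].type != T_OBJECT);
    return n;
}
/* The needle is an element of `other`, as when ORing arrays. */
static int demo(int use_copy, long *found) {
    struct object dead = { 1 };
    struct array hay   = { BIT_INT,    1, { { T_INT,    { .integer = 0 } } } };
    struct array other = { BIT_OBJECT, 1, { { T_OBJECT, { .object = &dead } } } };
    *found = use_copy ? search_copy(&hay, &other.item[0])
                      : search_inplace(&hay, &other.item[0]);
    return bogus_object_frees(&other);
}
```

Both variants return the same search index; only the in-place one leaves `other` holding an integer item while its `type_field` still claims objects only.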