]> git.kaiwu.me - njs.git/commitdiff
projects / njs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 06526ff)
Fixed heap-use-after-free in await frame.
authorAlexander Borisov <alexander.borisov@nginx.com>
Mon, 1 Nov 2021 15:32:48 +0000 (18:32 +0300)
committerAlexander Borisov <alexander.borisov@nginx.com>
Mon, 1 Nov 2021 15:32:48 +0000 (18:32 +0300)
The bug was introduced in 92d10cd761e2 (0.7.0).

src/njs_async.c patch | blob | history

diff --git a/src/njs_async.c b/src/njs_async.c
index b5f6c3a65903157b664e92b7030f0454b8a7a14f..6a93cfd01815b6b2ec7fa417f6504717140ed8a5 100644 (file)
--- a/src/njs_async.c
+++ b/src/njs_async.c
@@ -72,6 +72,8 @@ njs_await_fulfilled(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
     }
 
     async = ctx->await;
+    async->previous = vm->top_frame;
+
     function = async->function;
 
     cur_local = vm->levels[NJS_LEVEL_LOCAL];
njs upstream