Fix double-free bug when finalizing module runtimes.

* src/emacs-module.c (finalize_runtime_unwind): Don't finalize initial
environment twice.

* test/src/emacs-module-resources/mod-test.c (emacs_module_init):
Allocate lots of values during module initialization to trigger the
bug.

diff --git a/src/emacs-module.c b/src/emacs-module.c
index 5f97815ec15a81f1587224c9c8756e1d127e0872..0f3ef59fd8c39471d1fc34e6a0e5d5047dda8b7f 100644 (file)
--- a/src/emacs-module.c
+++ b/src/emacs-module.c
@@ -1506,8 +1506,8 @@ finalize_environment_unwind (void *env)
 void
 finalize_runtime_unwind (void *raw_ert)
 {
-  struct emacs_runtime *ert = raw_ert;
-  finalize_environment (ert->private_members->env);
+  /* No further cleanup is required, as the initial environment is
+     unwound separately.  See the logic in Fmodule_load.  */
 }
 
 \f

diff --git a/test/src/emacs-module-resources/mod-test.c b/test/src/emacs-module-resources/mod-test.c
index 419621256ae96e00c6150c842312bd6386cc59ce..f855e9b6da08f9b256eeb06d097cce802200f572 100644 (file)
--- a/test/src/emacs-module-resources/mod-test.c
+++ b/test/src/emacs-module-resources/mod-test.c
@@ -806,6 +806,12 @@ emacs_module_init (struct emacs_runtime *ert)
                                            strlen (interactive_spec)));
   bind_function (env, "mod-test-identity", identity_fn);
 
+  /* We allocate lots of values to trigger bugs in the frame allocator during
+     initialization.  */
+  int count = 10000;  /* larger than value_frame_size in emacs-module.c */
+  for (int i = 0; i < count; ++i)
+    env->make_integer (env, i);
+
   provide (env, "mod-test");
   return 0;
 }