From 41c338474dd1e086494337fd18ec8828cef1a75c Mon Sep 17 00:00:00 2001
From: Philipp Stephani
Date: Sun, 29 Nov 2020 21:13:02 +0100
Subject: [PATCH] Fix double-free bug when finalizing module runtimes.

* src/emacs-module.c (finalize_runtime_unwind): Don't finalize initial
environment twice.
* test/src/emacs-module-resources/mod-test.c (emacs_module_init):
Allocate lots of values during module initialization to trigger the bug.
---
 src/emacs-module.c                         | 4 ++--
 test/src/emacs-module-resources/mod-test.c | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/emacs-module.c b/src/emacs-module.c
index 5f97815ec15..0f3ef59fd8c 100644
--- a/src/emacs-module.c
+++ b/src/emacs-module.c
@@ -1506,8 +1506,8 @@ finalize_environment_unwind (void *env)
 void
 finalize_runtime_unwind (void *raw_ert)
 {
-  struct emacs_runtime *ert = raw_ert;
-  finalize_environment (ert->private_members->env);
+  /* No further cleanup is required, as the initial environment is
+     unwound separately.  See the logic in Fmodule_load.  */
 }
diff --git a/test/src/emacs-module-resources/mod-test.c b/test/src/emacs-module-resources/mod-test.c
index 419621256ae..f855e9b6da0 100644
--- a/test/src/emacs-module-resources/mod-test.c
+++ b/test/src/emacs-module-resources/mod-test.c
@@ -806,6 +806,12 @@ emacs_module_init (struct emacs_runtime *ert)
                                  strlen (interactive_spec)));
   bind_function (env, "mod-test-identity", identity_fn);
 
+  /* We allocate lots of values to trigger bugs in the frame allocator during
+     initialization.  */
+  int count = 10000;  /* larger than value_frame_size in emacs-module.c */
+  for (int i = 0; i < count; ++i)
+    env->make_integer (env, i);
+
   provide (env, "mod-test");
   return 0;
 }
-- 
2.39.5
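Review bot: finalize_runtime_unwind is now an empty unwind handler whose `raw_ert` parameter is never read, so the record_unwind_protect registration that installs it (in Fmodule_load, outside this hunk) is dead code that a later maintainer may "fix" by re-adding exactly the finalize_environment call this commit removes. Either drop the handler and its registration together, or make the intent explicit at the top of the body with `(void) raw_ert;  /* Intentionally a no-op: the env is finalized by finalize_environment_unwind.  */` so the double-free history is visible at the point of registration as well as here. The comment that is added names Fmodule_load but not the unwind entry that actually frees the environment; naming finalize_environment_unwind (the function shown in the hunk header) would make the ownership handoff unambiguous.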
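Review bot: The loop in emacs_module_init discards every make_integer result and never consults `env->non_local_exit_check`, so if the environment enters a pending non-local exit partway through (memory exhaustion, or a future frame-allocator regression that signals instead of crashing), the remaining iterations and the provide call become silent no-ops and the test still returns 0. Consider checking after the loop, `if (env->non_local_exit_check (env) != emacs_funcall_exit_return) return 1;`, so the regression test fails loudly rather than passing by accident. The coupling to value_frame_size is only by comment; if that constant is ever raised above 10000 this test stops exercising the bug without any signal, so the comment could state that dependency as a maintenance instruction rather than a remark.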