From 3ce2f2dcf8b8818926519f5f2652d1f6914eae2c Mon Sep 17 00:00:00 2001
From: Kaz Kylheku
Date: Sat, 31 May 2025 13:02:35 -0700
Subject: streams: regression: gc issue in get_string_from_stream.
* stream.c (get_string_from_stream_common): The so->buf = 0 assignment must precede the call to string_own(buf), because the string out stream object may already be garbage, and the string_own call will reclaim it. If we don't null out the buffer, the string will get ownership of a freed buffer. This reproduced in the CSV test case on MacOS Lion, 32 bit x86.
---
 stream.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stream.c b/stream.c
index a9f37427..8e4f8ec6 100644
--- a/stream.c
+++ b/stream.c
@@ -2724,8 +2724,8 @@ val get_string_from_stream_common(val stream, val copy_p_in)
 if (waste >= 128 && so->size - so->len > so->len / 4)
 buf = coerce(wchar_t *, chk_realloc(coerce(mem_t *, so->buf), (so->len + 1) * sizeof *so->buf));
- out = string_own(buf);
 so->buf = 0;
+ out = string_own(buf);
 }
 return out;
-- cgit v1.2.3
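Review bot: The order of `so->buf = 0;` and `out = string_own(buf);` is now load-bearing, but only the commit message says why, and the subject calls this a regression, so the two statements have evidently been swapped before. A comment directly above the assignment would keep a later tidy-up from reintroducing the freed-buffer handoff, for example `/* Detach buf from the stream before string_own: that call can reclaim the stream, which would free so->buf. */`. For the same reason `so` should be treated as dead once `string_own` has been called; the visible lines after it do not touch `so`, and that constraint is worth stating in the same comment. The body of `get_string_from_stream_common` starts above this hunk, so any earlier path that hands `so->buf` to an allocating call is not visible here and may deserve the same check.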