double free in select case fixed 36/16936/3
Cedric Delamarre [Thu, 30 Jul 2015 09:51:09 +0000 (11:51 +0200)]
a=12;
select a
case 12
a=14
end

Change-Id: I8af5b4c4151ca1af30dba7c4eb2046e014d83286

scilab/modules/ast/src/cpp/ast/runvisitor.cpp

index 9841111..edee8ca 100644 (file)
@@ -810,6 +810,10 @@ void RunVisitorT<T>::visitprivate(const SelectExp &e)
     setResult(NULL);
     if (pIT)
     {
+        // protect pIT to avoid double free when
+        // the variable in select is override in the case
+        pIT->IncreaseRef();
+
         //find good case
         exps_t cases = e.getCases();
         for (auto exp : cases)
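Review bot: The reference taken by `pIT->IncreaseRef();` is released only on the three paths this commit edits by hand: the two `catch (ScilabMessage& sm)` handlers (hunks at new lines 837 and 879) and the end of the function (hunk at 908). If the code between them can exit through any other exception type or an early return, which the visible hunks cannot rule out, the count stays raised and a later `killMe()` would presumably never free the value. A small scope guard declared where pIT is obtained, whose destructor calls `DecreaseRef()` then `killMe()` when pIT is non-null, would make the pairing hold on every exit and replace the three hand-written copies. The added comment would also read more clearly as `// hold a reference on pIT so it is not freed when a case body overwrites the selected variable`. The body of visitprivate starts and ends outside this hunk.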
@@ -833,6 +837,7 @@ void RunVisitorT<T>::visitprivate(const SelectExp &e)
                     }
                     catch (ScilabMessage& sm)
                     {
+                        pIT->DecreaseRef();
                         pIT->killMe();
                         throw sm;
                     }
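Review bot: `throw sm;` in this handler throws a new copy built from the static type ScilabMessage instead of re-raising the exception in flight, so an exception of a derived type would be sliced. A bare `throw;` re-raises the original object unchanged. The same statement closes the handler in the next hunk (new line 879 onward). The try block this catch belongs to starts outside the hunk.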
@@ -874,7 +879,11 @@ void RunVisitorT<T>::visitprivate(const SelectExp &e)
         }
         catch (ScilabMessage& sm)
         {
-            pIT->killMe();
+            if (pIT)
+            {
+                pIT->DecreaseRef();
+                pIT->killMe();
+            }
             throw sm;
         }
 
@@ -899,7 +908,11 @@ void RunVisitorT<T>::visitprivate(const SelectExp &e)
 
     clearResult();
 
-    pIT->killMe();
+    if (pIT)
+    {
+        pIT->DecreaseRef();
+        pIT->killMe();
+    }
 }
 
 template <class T>