From 0ad64a1006f10dcb6e431985f3c26816f50f64d1 Mon Sep 17 00:00:00 2001
From: Bruce Hill <bruce@bruce-hill.com>
Date: Fri, 1 Oct 2021 19:29:31 -0700
Subject: Bugfix for use-after-free, as well as an issue with the order
 grammars were loaded

---
 bp.c           | 2 +-
 grammars/bp.bp | 2 +-
 match.c        | 6 ++++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/bp.c b/bp.c
index 6efbe3d..e094a7a 100644
--- a/bp.c
+++ b/bp.c
@@ -521,7 +521,7 @@ static int process_git_files(pat_t *pattern, int argc, char *argv[])
 //
 static pat_t *load_grammar(pat_t *defs, file_t *f)
 {
-    return chain_together(defs, assert_pat(f->start, f->end, bp_pattern(f->start, f->end)));
+    return chain_together(assert_pat(f->start, f->end, bp_pattern(f->start, f->end)), defs);
 }
 
 //
diff --git a/grammars/bp.bp b/grammars/bp.bp
index d0a9474..a6e6f0b 100644
--- a/grammars/bp.bp
+++ b/grammars/bp.bp
@@ -5,7 +5,7 @@
 # The grammar files provided with BP are not otherwise intended to be full
 # language grammars.
 
-Grammar: __ *(Def [__`;])%__ __ [@error=(+(./\n) => "Could not parse this code")]
+Grammar: __ *(Def [__`;])%__ __ [@error=(+(./\n) => "Could not parse this code: @0")]
 Def: @name=id __ `: __ (
       @definition=extended-pat
     / $$ @error=(=>"No definition for rule")
diff --git a/match.c b/match.c
index 5be9bf4..90844a3 100644
--- a/match.c
+++ b/match.c
@@ -636,7 +636,8 @@ static match_t *match(match_ctx_t *ctx, const char *str, pat_t *pat)
 
         while (rec_op.args.leftrec.visits > 0) {
             rec_op.args.leftrec.visits = 0;
-            recycle_match(&rec_op.args.leftrec.match);
+            if (rec_op.args.leftrec.match && rec_op.args.leftrec.match != m)
+                recycle_match(&rec_op.args.leftrec.match);
             rec_op.args.leftrec.match = m;
             prev = m->end;
             match_t *m2 = match(&ctx2, str, ref);
@@ -645,10 +646,11 @@ static match_t *match(match_ctx_t *ctx, const char *str, pat_t *pat)
                 recycle_match(&m2);
                 break;
             }
+            recycle_match(&m);
             m = m2;
         }
 
-        if (rec_op.args.leftrec.match)
+        if (rec_op.args.leftrec.match && rec_op.args.leftrec.match != m)
             recycle_match(&rec_op.args.leftrec.match);
 
         // This match wrapper mainly exists for record-keeping purposes.
-- 
cgit v1.2.3