From 0ad64a1006f10dcb6e431985f3c26816f50f64d1 Mon Sep 17 00:00:00 2001
From: Bruce Hill
Date: Fri, 1 Oct 2021 19:29:31 -0700
Subject: Bugfix for use-after-free, as well as an issue with the order grammars were loaded
---
 match.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'match.c')
diff --git a/match.c b/match.c
index 5be9bf4..90844a3 100644
--- a/match.c
+++ b/match.c
@@ -636,7 +636,8 @@ static match_t *match(match_ctx_t *ctx, const char *str, pat_t *pat)
 while (rec_op.args.leftrec.visits > 0) {
 rec_op.args.leftrec.visits = 0;
- recycle_match(&rec_op.args.leftrec.match);
+ if (rec_op.args.leftrec.match && rec_op.args.leftrec.match != m)
+ recycle_match(&rec_op.args.leftrec.match);
 rec_op.args.leftrec.match = m;
 prev = m->end;
 match_t *m2 = match(&ctx2, str, ref);
@@ -645,10 +646,11 @@ static match_t *match(match_ctx_t *ctx, const char *str, pat_t *pat)
 recycle_match(&m2);
 break;
 }
+ recycle_match(&m);
 m = m2;
 }
- if (rec_op.args.leftrec.match)
+ if (rec_op.args.leftrec.match && rec_op.args.leftrec.match != m)
 recycle_match(&rec_op.args.leftrec.match);
 // This match wrapper mainly exists for record-keeping purposes.
--
cgit v1.2.3
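Review bot: After the added `recycle_match(&m);` in the second hunk, `rec_op.args.leftrec.match` still holds the pointer that was just recycled, because it was set to `m` earlier in the same iteration and only `m` is reassigned to `m2`. Both new guards compare against the new `m` (`rec_op.args.leftrec.match != m`), so that stale pointer is handed to `recycle_match` again, either at the top of the next iteration (first hunk) or in the check after the loop. Whether this is a second release of the same object depends on how `recycle_match` and match ownership work, which is not visible here. If `leftrec.match` does not hold a reference of its own, clear the alias right after the recycle with `rec_op.args.leftrec.match = NULL;`; otherwise add a comment at the assignment `rec_op.args.leftrec.match = m;` stating which of the two pointers owns the match. The body of `match()` starts and ends outside both hunks.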