search

mmomtchev / swig

This is SWIG JavaScript Evolution, a fork of the SWIG project with modern JavaScript/TypeScript support including WASM and async
http://www.swig.org
Other
7 stars 0 forks source link

`freearg` template is executed twice if a `check` typemap rejects in async mode #52

Open mmomtchev opened 2 months ago

mmomtchev commented 2 months ago

A %typemap(check) that calls SWIG_exception_fail to explicitly reject its arguments can cause the freearg template of the already processed arguments to run twice in async mode:

%typemap(check)
(const size_t columns_, const size_t rows_, const std::string &map_, const Magick::StorageType type_, void *pixels_)
(Napi::Reference<Napi::Value> _global_array_ref)
%{
  if ($1 * $2 * $3->size() != _global_typed_array.ElementLength()) {
    SWIG_exception_fail(SWIG_IndexError,
      "The number of elements in the TypedArray does not match the number of pixels in the image");
  }
%}

This typemap can provoke a double free for dynamically-allocated strings in async mode.

mmomtchev commented 2 months ago

Introduced by https://github.com/mmomtchev/swig/pull/18