When parsing a declaration containing more than one full declarator,
each such declarator references the same list of declaration specifiers.
While processing the declarators the specifier list is normalized and
each declarator needs to be updated to the new list.
However, if a syntax error is detected we break out of the processing
loop and end up with only some of these updates occurring. When the
partially-updated declaration list is subsequently freed, this can
in some cases lead to a use after free when the stale pointers are
encountered.
Fix this by updating all the specifier references before doing any
further processing to avoid dealing with partially-updated lists.
projects / cdecl99.git / commitdiff