From: Nick Bowler
Date: Sat, 4 Jul 2020 17:28:53 +0000 (-0400)
Subject: Fix use-after-free during parser error recovery.
X-Git-Tag: v1~17
X-Git-Url: https://git.draconx.ca/gitweb/cdecl99.git/commitdiff_plain/76252467a9696b3d649083e7a8325fd1e14e3d87?hp=76252467a9696b3d649083e7a8325fd1e14e3d87

Fix use-after-free during parser error recovery.

When parsing a declaration containing more than one full declarator,
each such declarator references the same list of declaration specifiers.
While processing the declarators the specifier list is normalized and
each declarator needs to be updated to the new list.

However, if a syntax error is detected we break out of the processing
loop and end up with only some of these updates occurring. When the
partially-updated declaration list is subsequently freed, this can in
some cases lead to a use after free when the stale pointers are
encountered.

Fix this by updating all the specifier references before doing any
further processing to avoid dealing with partially-updated lists.
---
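The ordering problem described in the commit message, as an added model that is not code from cdecl99 or from this commit. The structures, function names and the `live` flag (which stands in for an actual free so the program is safe to run) are all hypothetical.

```c
#include <stdio.h>
/* Hypothetical model, not cdecl99's own data structures. */
struct specs { int live; };  /* live == 0 models a list already freed */
struct decl { struct specs *specs; int bad_syntax; struct decl *next; };

/* Models normalization: the old list is released, the new one returned. */
static struct specs *normalize(struct specs *old, struct specs *fresh)
{
    old->live = 0;
    return fresh;
}

/* Ordering the message describes as the bug: update and process together. */
static int process_interleaved(struct decl *head, struct specs *fresh)
{
    struct specs *s = normalize(head->specs, fresh);
    for (struct decl *d = head; d; d = d->next) {
        d->specs = s;
        if (d->bad_syntax)
            return -1;  /* later declarators keep the old pointer */
    }
    return 0;
}

/* Ordering the message describes as the fix: update all, then process. */
static int process_two_pass(struct decl *head, struct specs *fresh)
{
    struct specs *s = normalize(head->specs, fresh);
    for (struct decl *d = head; d; d = d->next)
        d->specs = s;
    for (struct decl *d = head; d; d = d->next)
        if (d->bad_syntax) return -1;
    return 0;
}

/* Constructed input: 3 declarators, error in the 2nd; counts stale refs. */
static int stale_after(int two_pass)
{
    struct specs old = {1}, fresh = {1};
    struct decl c = {&old, 0, NULL}, b = {&old, 1, &c}, a = {&old, 0, &b};
    int n = 0;
    (two_pass ? process_two_pass : process_interleaved)(&a, &fresh);
    for (struct decl *d = &a; d; d = d->next)
        n += !d->specs->live;
    return n;
}

int main(void) { printf("%d %d\n", stale_after(0), stale_after(1)); return 0; }
```
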