From: K.Kosako <kosako@sofnec.co.jp>
Date: Tue, 9 Apr 2019 00:27:56 +0000 (+0900)
Subject: fix #139: UAF in match_at()
X-Git-Tag: v6.9.2_rc2~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a8ed18bc401b8022d47fe26664169febac4e284a;p=onig

fix #139: UAF in match_at()
---

diff --git a/src/regexec.c b/src/regexec.c
index a8c9f0b..6618996 100644
--- a/src/regexec.c
+++ b/src/regexec.c
@@ -3393,8 +3393,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
     CASE_OP(MEMORY_END_PUSH_REC)
       mem = p->memory_end.num;
       STACK_GET_MEM_START(mem, stkp); /* should be before push mem-end. */
+      si = GET_STACK_INDEX(stkp);
       STACK_PUSH_MEM_END(mem, s);
-      mem_start_stk[mem] = GET_STACK_INDEX(stkp);
+      mem_start_stk[mem] = si;
       INC_OP;
       JUMP_OUT;