From 4c66c7f9c370d2088dfa064e77f45b869c672e98 Mon Sep 17 00:00:00 2001
From: Guillaume Melquiond
Date: Tue, 31 May 2016 15:35:46 +0200
Subject: Fix potential race condition in vm_compute.

If the second allocation causes a collection of the minor heap, the first allocation will be freed, thus causing a memory corruption.

Note: it only happens when computing the native projection of an opaque value while the minor heap is almost full.
---
 kernel/byterun/coq_interp.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'kernel/byterun')

diff --git a/kernel/byterun/coq_interp.c b/kernel/byterun/coq_interp.c
index dc571699e..d634b726b 100644
--- a/kernel/byterun/coq_interp.c
+++ b/kernel/byterun/coq_interp.c
@@ -911,10 +911,12 @@ value coq_interprete
 Alloc_small(block, 2, ATOM_PROJ_TAG);
 Field(block, 0) = Field(coq_global_data, *pc);
 Field(block, 1) = accu;
- /* Create accumulator */
- Alloc_small(accu, 2, Accu_tag);
- Code_val(accu) = accumulate;
- Field(accu, 1) = block;
+ accu = block;
+ /* Create accumulator */
+ Alloc_small(block, 2, Accu_tag);
+ Code_val(block) = accumulate;
+ Field(block, 1) = accu;
+ accu = block;
 } else {
 accu = Field(accu, *pc++);
 }
--
cgit v1.2.3
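Review bot: The first added line, `accu = block;` before the second `Alloc_small`, is the entire fix, yet the hunk carries no comment saying why it is there, so a later tidy-up could reorder the two assignments or fold them back into `Alloc_small(accu, ...)` and silently reintroduce the use-after-collection the commit message describes. Add a comment above it such as `/* Park the projection block in accu: Alloc_small may trigger a minor GC, and accu is the only local that is saved and reloaded across it, so block would otherwise be left dangling */`. The correctness of the new ordering presumably rests on `Alloc_small` in this file saving and restoring `accu` around the collection (the Setup_for_gc/Restore_after_gc pair); that definition is outside the hunk, which is another reason to state the invariant at the use site. The enclosing instruction handler and `coq_interprete` both begin and end outside the hunk.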