c: fix use after free

A silly one, declsbuf.p can be realloc'd in the call to putdecl, but in this statement that pointer could be fetched before the call.
author: lemon <lsof@mailbox.org> 2026-01-09 19:33:36 +0100
committer: lemon <lsof@mailbox.org> 2026-01-09 19:33:36 +0100
commit: f5955f1e62736f2f92b05a1ed7931d378f7b2ae6 (patch)
tree: e5f872a26c2ced6c03a3f35166137f76d4330805
parent: 95301a8b8ece4b6d823e84bcff8a67d518840491 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/c/c.c b/c/c.c
index 3b7264e..4b421d5 100644
--- a/c/c.c
+++ b/c/c.c
@@ -4503,7 +4503,8 @@ tldecl(struct comp *cm)
                error(&st.pspans[i], "parameter has incomplete type '%ty'", td->param[i]);
          }
          decl.isdef = 1;
-         struct decl *d = &declsbuf.p[putdecl(cm, &decl)];
+         int idecl = putdecl(cm, &decl);
+         struct decl *d = &declsbuf.p[idecl];
          struct function fn = { &cm->fnarena, .name = decl.name, .globl = d->scls != SCSTATIC, .fnty = decl.ty, .retty = td->ret };
          irinit(&fn);
          function(cm, &fn, st.pnames, st.pspans, st.pqual);
author	lemon <lsof@mailbox.org>	2026-01-09 19:33:36 +0100
committer	lemon <lsof@mailbox.org>	2026-01-09 19:33:36 +0100
commit	f5955f1e62736f2f92b05a1ed7931d378f7b2ae6 (patch)
tree	e5f872a26c2ced6c03a3f35166137f76d4330805
parent	95301a8b8ece4b6d823e84bcff8a67d518840491 (diff)