Re: [PATCH nft] parser_bison: fix UaF when reporting table parse error


 



On Tue, Jan 07, 2025 at 11:55:06PM +0100, Florian Westphal wrote:
> It passed already-freed memory to erec function.  Found with afl++ and asan.
> 
> Fixes: 4955ae1a81b7 ("Add support for table's persist flag")
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>

Reviewed-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

> ---
>  src/parser_bison.y | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/src/parser_bison.y b/src/parser_bison.y
> index 6e6f3cf8335d..7ab15244be52 100644
> --- a/src/parser_bison.y
> +++ b/src/parser_bison.y
> @@ -1943,12 +1943,14 @@ table_flags		:	table_flag
>  table_flag		:	STRING
>  			{
>  				$$ = parse_table_flag($1);
> -				free_const($1);
>  				if ($$ == 0) {
>  					erec_queue(error(&@1, "unknown table option %s", $1),
>  						   state->msgs);
> +					free_const($1);
>  					YYERROR;
>  				}
> +
> +				free_const($1);
>  			}
>  			;
>  
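
Review bot: `free_const($1)` now appears twice, once before `YYERROR` inside the `if ($$ == 0)` branch and once at the end of the action, so any exit path added to this rule later has to carry its own free. The ordering as posted is right, since `$1` is still read by the `%s` argument of `error()`. A one-line comment above the error branch, saying that `$1` must stay alive until the error record has been built, would keep a later cleanup from hoisting the free back above the check. The diffstat shows only `src/parser_bison.y` changed, so consider adding a test input with an unknown table option to keep the ASan finding covered.
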
> -- 
> 2.45.2
> 
> 



