From 7bf1179f601614ead4e3d4084e52863b820a2aca Mon Sep 17 00:00:00 2001 From: David Chisnall Date: Sat, 7 Apr 2018 20:04:14 +0100 Subject: [PATCH] Reapply 3b1e94ec5d9abc7042f11f134c002b0559c9b0c2 correctly This time without accidentally-included files... If compiling without backtrace or BFD support, we initialise the location to store return addresses incorrectly, leaving a dangling pointer which we then right over. Most consumers never read this, so it seemed to work most of the time by just overwriting a random bit of memory. This probably has security implications, because throwing an exception can clobber random bits of memory, though not with attacker-controlled data. --- Source/NSException.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Source/NSException.m b/Source/NSException.m index 76eea9e6f..6a5fbd76e 100644 --- a/Source/NSException.m +++ b/Source/NSException.m @@ -966,7 +966,7 @@ GSPrivateReturnAddresses(NSUInteger **returns) { jbuf_type *env; - returns = malloc(numReturns * sizeof(void*)); + *returns = malloc(numReturns * sizeof(void*)); env = jbuf(); if (sigsetjmp(env->buf, 1) == 0)
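Review bot: the `+ *returns = malloc(numReturns * sizeof(void*));` line fixes the pointer-versus-pointee mistake, but the allocation result is still not checked before the sigsetjmp path goes on to fill the buffer, so an allocation failure would turn the old dangling write into a NULL-based write; suggest a guard such as `if (NULL == *returns) return 0;` (matching whatever the function's actual return convention is, which the hunk does not show). Minor: the parameter is declared `NSUInteger **returns` yet the buffer is sized with `sizeof(void*)`; `sizeof(**returns)` would tie the allocation size to the element type rather than relying on the two being equal.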