From ac149359907423b90513a8fa392b6977fd919a7c Mon Sep 17 00:00:00 2001
From: Zoltan Varga
Date: Thu, 8 Feb 2024 13:33:26 -0500
Subject: [PATCH] [mono][aot] Fix a use after free. (#98149)

Extracted from https://github.com/dotnet/runtime/pull/97096. Author: Johan Lorensson .
---
 src/mono/mono/mini/aot-runtime.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/mono/mono/mini/aot-runtime.c b/src/mono/mono/mini/aot-runtime.c
index e88b6965bb6bd..bdd39e400edca 100644
--- a/src/mono/mono/mini/aot-runtime.c
+++ b/src/mono/mono/mini/aot-runtime.c
@@ -3395,10 +3395,13 @@ decode_exception_debug_info (MonoAotModule *amodule,
 MonoJitMemoryManager *jit_mm = get_default_jit_mm ();
 jit_mm_lock (jit_mm);
 /* This could be set already since this function can be called more than once for the same method */
- if (!g_hash_table_lookup (jit_mm->seq_points, method))
+ MonoSeqPointInfo *existing_seq_points = NULL;
+ if (!g_hash_table_lookup_extended (jit_mm->seq_points, method, NULL, (gpointer *)&existing_seq_points)) {
 g_hash_table_insert (jit_mm->seq_points, method, seq_points);
- else
+ } else {
 mono_seq_point_info_free (seq_points);
+ seq_points = existing_seq_points;
+ }
 jit_mm_unlock (jit_mm);
 }
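Review bot: After the else branch, `seq_points` is a borrowed pointer to an entry owned by `jit_mm->seq_points`, and it is still held once `jit_mm_unlock` returns, so the fix is only complete if nothing can remove or free that entry while the pointer is in use. That lifetime is not visible here (decode_exception_debug_info starts and ends outside the hunk), so I would record it next to the assignment: `/* borrowed from jit_mm->seq_points; owned by the table, must not be freed here */`. Separately, `(gpointer *)&existing_seq_points` writes a `gpointer` through a `MonoSeqPointInfo **`; declaring `gpointer existing = NULL;` and assigning `seq_points = (MonoSeqPointInfo *)existing;` avoids the pointer-type pun. Note also that `g_hash_table_lookup_extended` takes the else branch for a key stored with a NULL value, which the old `g_hash_table_lookup` test did not, so `seq_points` could end up NULL if such entries can exist.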