From 5aa22d41e9060f54e3236cc37e10b62210fc2c8a Mon Sep 17 00:00:00 2001
From: Andy
Date: Thu, 30 Mar 2023 01:01:16 +0000
Subject: [PATCH] Fixing use after free when dumping call stack (#2084)

In multi-threading, this line will eventually call `wasm_cluster_wait_for_all_except_self`: `DEINIT_VEC(store->instances, wasm_instance_vec_delete)` As the threads are joining they can call `wasm_interp_dump_call_stack` which tries to use the module frames but they were already freed by this line: `DEINIT_VEC(store->modules, wasm_module_vec_delete)` This PR swaps the order that these are deleted so module is deleted after the instances.

Co-authored-by: Andrew Chambers
---
 core/iwasm/common/wasm_c_api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/iwasm/common/wasm_c_api.c b/core/iwasm/common/wasm_c_api.c
index 15eb9f01..639980ca 100644
--- a/core/iwasm/common/wasm_c_api.c
+++ b/core/iwasm/common/wasm_c_api.c
@@ -687,8 +687,8 @@ wasm_store_delete(wasm_store_t *store)
 return;
 }
 
- DEINIT_VEC(store->modules, wasm_module_vec_delete);
 DEINIT_VEC(store->instances, wasm_instance_vec_delete);
+ DEINIT_VEC(store->modules, wasm_module_vec_delete);
 if (store->foreigns) {
 bh_vector_destroy(store->foreigns);
 wasm_runtime_free(store->foreigns);
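Review bot: The relative order of the two `DEINIT_VEC` calls is now the only thing keeping `wasm_interp_dump_call_stack` away from freed module frames, yet nothing in the code records that dependency, so a later reorder or a new teardown step slipped between them would silently reintroduce the use-after-free; add a comment above the instances line such as `/* Delete instances before modules: deleting an instance joins its threads, and a joining thread may still dump its call stack against the module's frames. */`. The description credits the join to `wasm_cluster_wait_for_all_except_self`, which is not visible here; it is worth confirming that `wasm_instance_vec_delete` actually waits for the threads to finish rather than only signalling them, because a thread that is still unwinding when `wasm_module_vec_delete` runs would still race the free even with the new order. Any other teardown path that frees modules (for example a runtime-wide destroy) presumably needs the same ordering and is not touched by this commit. The body of `wasm_store_delete` continues past the end of the hunk.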