From 582717a7b4af6ce0e231b9aee090107235ef2d0f Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Thu, 21 Oct 2021 00:10:47 -0500
Subject: Fix crash in LOADVN when stack grows

This `stack_push()` call in LOADVN invalidates `var`:

jv* var = frame_local_var(jq, v, level);
jv_free(stack_popn(jq));
------>stack_push(jq, *var);
*var = jv_null();
^^^^^^

We have to re-compute `var`:

jv* var = frame_local_var(jq, v, level);
jv_free(stack_popn(jq));
stack_push(jq, *var);
------>var = frame_local_var(jq, v, level);
*var = jv_null();
---
 src/execute.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/execute.c b/src/execute.c
index fd2ab2c7..d8405825 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -561,7 +561,11 @@ jv jq_next(jq_state *jq) {
 printf(" (%d)\n", jv_get_refcnt(*var));
 }
 jv_free(stack_popn(jq));
+
+ // This `stack_push()` invalidates the `var` reference, so
 stack_push(jq, *var);
+ // we have to re-resolve `var` before we can set it to null
+ var = frame_local_var(jq, v, level);
 *var = jv_null();
 break;
 }
-- 
cgit v1.2.3
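Review bot: The fix keeps a pointer into stack storage live across `stack_push()` and then repairs it with a second `frame_local_var()` lookup, where not holding the pointer across the push at all would be both simpler and immune to the stale-pointer window: `jv val = *var; *var = jv_null(); stack_push(jq, val);` in place of the push, the re-resolve and the null assignment gives the same result with one lookup. The added comment is also split into two halves around the push ("... so" / "we have to ..."), which is hard to read in isolation; keep it as one sentence above the statement it explains. The commit message attributes the invalidation to the stack growing, which suggests `frame_local_var()` returns a pointer into reallocatable storage; if so, documenting that lifetime at its definition (result valid only until the next push) would help reviewers spot the same use-after-reallocation pattern elsewhere, and running the test suite under AddressSanitizer would catch regressions of it. `jq_next()` begins and ends outside this hunk.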