op.c:newMYSUB: Pop scope after creating sub

I was popping the scope before creating the sub in order to expose the
parent pad, where the new sub is to be stored.

That can cause problems, since ops may still be created that get
attached to the new sub.  Those ops will end up using the parent sub’s
slab in that case.  If the parent sub does not finish compiling, due
to an error, it may clean out its slab, freeing ops that the inner sub
is using, so the inner sub, when freed, will try to free ops that are
no longer in allocated memory, as the slab is gone.  Most of the time,
the inner ops won’t have been reused for anything, so the op type will
still be OP_FREED, and op_free will do nothing (except a single bad
read).  But debugging builds detect that and fail an assertion.

Popping the scope afterwards actually does simplify things, surpris-
ingly enough.

I was able to produce this bug with a one-liner, but it did not fail
as part of the test suite.  So this fix includes no test.

Since the o variable in newMYSUB is a padop, it can only be freed when
its pad is active.  It is created before the sub, so it cannot be
freed until the scope has been popped, so it has to go at the bot-
tom.  If an error occurs during newMYSUB, opslab_force_free will take
care of it.

0 files changed, 0 insertions, 0 deletions