Fix potential overflow of locks - favour small memory leak over accidental free if this ever happens (fix #2616)

gfwilliams · gfwilliams · commit aea3be7f4fa1 · 2025-03-20T14:38:34.000Z
diff --git a/ChangeLog b/ChangeLog
@@ -22,6 +22,7 @@
             Bangle.js2: Added new Renaissance fonts and g.findFont function for selecting the best font
             Bangle.js2: Fix issue when an onchange callback from E.showMenu submenu changes the menu immediately
             Bangle.js: Added 'bpmMin/bpmMax' and 'activity' to 'health' event and 'Bangle.getHealthStatus'
+            Fix potential overflow of locks - favour small memory leak over accidental free if this ever happens (fix #2616)
 
      2v25 : ESP32C3: Get analogRead working correctly
             Graphics: Adjust image alignment when rotating images to avoid cropping (fix #2535)
diff --git a/src/jsvar.c b/src/jsvar.c
@@ -812,8 +812,8 @@ JsVarRef jsvGetRef(JsVar *var) {
 JsVar *jsvLock(JsVarRef ref) {
   JsVar *var = jsvGetAddressOf(ref);
   //var->locks++;
-  assert(jsvGetLocks(var) < JSV_LOCK_MAX);
-  var->flags += JSV_LOCK_ONE;
+  if ((var->flags & JSV_LOCK_MASK)!=JSV_LOCK_MASK) // if we hit the max amount of locks, don't exceed it (see https://github.com/espruino/Espruino/issues/2616)
+    var->flags += JSV_LOCK_ONE;
 #ifdef DEBUG
   if (jsvGetLocks(var)==0) {
     jsError("Too many locks to Variable!");
@@ -832,8 +832,8 @@ JsVar *jsvLockSafe(JsVarRef ref) {
 /// Lock this pointer and return a pointer - UNSAFE for null pointer
 JsVar *jsvLockAgain(JsVar *var) {
   assert(var);
-  assert(jsvGetLocks(var) < JSV_LOCK_MAX);
-  var->flags += JSV_LOCK_ONE;
+  if ((var->flags & JSV_LOCK_MASK)!=JSV_LOCK_MASK) // if we hit the max amount of locks, don't exceed it (see https://github.com/espruino/Espruino/issues/2616)
+    var->flags += JSV_LOCK_ONE;
   return var;
 }
 
@@ -865,6 +865,7 @@ static ALWAYS_INLINE void jsvUnLockInline(JsVar *var) {
   /* Reduce lock count. Since ->flags is volatile
    * it helps to explicitly save it to a var to avoid a
    * load-store-load */
+  if ((var->flags & JSV_LOCK_MASK)==JSV_LOCK_MASK) return; // if we had the max number of locks, don't unlock as we probably didn't lock enough (see https://github.com/espruino/Espruino/issues/2616)
   JsVarFlags f = var->flags -= JSV_LOCK_ONE;
   // Now see if we can properly free the data
   // Note: we check locks first as they are already in a register
