From 537baf3e1cffabc7638cc5f2f88d8badbe30eed2 Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Sun, 6 Mar 2022 22:57:33 +0100
Subject: [PATCH] Filter: Fix bug in variable shadowing

When a new variable used the same name as an existing symbol in an outer
scope, then offset number was defined based on a scope of the existing
symbol ($3) instead of a scope of the new symbol (sym_). That can lead
to two variables sharing the same memory slot.
---
 filter/config.Y | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/filter/config.Y b/filter/config.Y
index 82a072ab..51e7822f 100644
--- a/filter/config.Y
+++ b/filter/config.Y
@@ -408,7 +408,7 @@ function_argsn:
  | function_argsn type symbol ';' {
      if ($3->scope->slots >= 0xfe) cf_error("Too many declarations, at most 255 allowed");
      $$ = cfg_alloc(sizeof(struct f_arg));
-     $$->arg = cf_define_symbol($3, SYM_VARIABLE | $2, offset, $3->scope->slots++);
+     $$->arg = cf_define_symbol($3, SYM_VARIABLE | $2, offset, sym_->scope->slots++);
      $$->next = $1;
    }
  ;
@@ -417,7 +417,7 @@ function_args:
    '(' ')' { $$ = NULL; }
  | '(' function_argsn type symbol ')' {
      $$ = cfg_alloc(sizeof(struct f_arg));
-     $$->arg = cf_define_symbol($4, SYM_VARIABLE | $3, offset, $4->scope->slots++);
+     $$->arg = cf_define_symbol($4, SYM_VARIABLE | $3, offset, sym_->scope->slots++);
      $$->next = $2;
    }
  ;
@@ -425,7 +425,7 @@ function_args:
 function_vars:
    /* EMPTY */ { $$ = 0; }
  | function_vars type symbol ';' {
-     cf_define_symbol($3, SYM_VARIABLE | $2, offset, $3->scope->slots++);
+     cf_define_symbol($3, SYM_VARIABLE | $2, offset, sym_->scope->slots++);
      $$ = $1 + 1;
    }
  ;