From 3e1532562cc3df7427d83f781de6036207e9ed09 Mon Sep 17 00:00:00 2001
From: David Chisnall
Date: Fri, 17 Apr 2026 10:49:37 +0100
Subject: [PATCH 1/2] Remove some largely-dead error handling. The runtime does not claim to work in memory-exhaustion cases and doing checks *sometimes* is worse than doing them all the time, especially when the checks are wrong.
---
 selector_table.cc | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/selector_table.cc b/selector_table.cc
index 3723ad57..723e33d0 100644
--- a/selector_table.cc
+++ b/selector_table.cc
@@ -484,22 +484,13 @@ SEL objc_register_selector_copy(UnregisteredSelector &aSel, BOOL copyArgs)
 else
 {
 copy->name = strdup(aSel.name);
- if (copy->name == nullptr)
- {
- fprintf(stderr, "Failed to allocate memory for selector %s\n", aSel.name);
- abort();
- }
 assert(copy->name);
 selector_name_copies += strlen(copy->name);
 }
 if (copy->types != nullptr)
 {
 copy->types = strdup(copy->types);
- if (copy->name == nullptr)
- {
- fprintf(stderr, "Failed to allocate memory for selector %s\n", aSel.name);
- abort();
- }
+ assert(copy->types);
 selector_name_copies += strlen(copy->types);
 }
 }
From a0e8f60de2bf4d5e9e644226458059db51d47551 Mon Sep 17 00:00:00 2001
From: David Chisnall
Date: Fri, 17 Apr 2026 10:51:49 +0100
Subject: [PATCH 2/2] Fix almost-unreachable use-after-free.
---
 eh_personality.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/eh_personality.c b/eh_personality.c
index d638d977..193b78b0 100644
--- a/eh_personality.c
+++ b/eh_personality.c
@@ -735,10 +735,11 @@ OBJC_PUBLIC void objc_exception_rethrow(struct _Unwind_Exception *e)
 // rethrown exception in objc_end_catch
 ex->catch_count = -ex->catch_count;
 _Unwind_Reason_Code err = _Unwind_Resume_or_Rethrow(e);
+ id object = ex->object;
 free(ex);
 if (_URC_END_OF_STACK == err && 0 != _objc_unexpected_exception)
 {
- _objc_unexpected_exception(ex->object);
+ _objc_unexpected_exception(object);
 }
 abort();
 }
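Review bot: In selector_table.cc, `assert(copy->name)` and the new `assert(copy->types)` are the only checks left after each `strdup`, and both compile away when the file is built with NDEBUG, so an allocation failure then reaches the following `strlen` call with a null pointer. The commit message says memory exhaustion is deliberately out of scope, so I would record that at the site with a comment such as `// strdup failure is not handled: the runtime does not support memory exhaustion, and the asserts only catch it in debug builds.` That keeps a later reader from re-adding a partial check. objc_register_selector_copy starts and ends outside this hunk.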
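Review bot: In eh_personality.c the new `id object = ex->object;` carries no comment saying why the field is copied, and its ordering against `free(ex)` is the whole fix, so a later tidy-up could fold it back into the handler call. I would add `// Copy the object out before ex is freed; the handler below runs after the free.` above the declaration. Setting `ex = NULL;` right after `free(ex);` would also make any future reuse of the pointer a null dereference rather than a read of freed memory. The start of objc_exception_rethrow is outside this hunk.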