aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-09-25 03:54:15 -04:00
Code Activity

patch 8.2.2364: Vim9: line break in lambda accesses freed memory

Browse Source 
Problem:    Vim9: line break in lambda accesses freed memory.
Solution:   Make a copy of the return type. (closes #7664)
This commit is contained in:
Bram Moolenaar
2021-01-16 18:09:52 +01:00
parent 9ebcf231bd
commit f898f7c68d
3 changed files with 30 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/testdir/test_vim9_func.vim
View File

@@ -1811,6 +1811,18 @@ enddef
def Test_line_continuation_in_lambda() def Test_line_continuation_in_lambda()
Line_continuation_in_lambda()->assert_equal(['D', 'C', 'B', 'A']) Line_continuation_in_lambda()->assert_equal(['D', 'C', 'B', 'A'])
var lines =<< trim END
vim9script
var res = [{n: 1, m: 2, s: 'xxx'}]
->mapnew((_, v: dict<any>): string => printf('%d:%d:%s',
v.n,
v.m,
substitute(v.s, '.*', 'yyy', '')
))
assert_equal(['1:2:yyy'], res)
END
CheckScriptSuccess(lines)
enddef enddef
def Test_list_lambda() def Test_list_lambda()

22
src/userfunc.c
View File

@@ -539,7 +539,8 @@ get_lambda_tv(
char_u *start, *end; char_u *start, *end;
int *old_eval_lavars = eval_lavars_used; int *old_eval_lavars = eval_lavars_used;
int eval_lavars = FALSE; int eval_lavars = FALSE;
char_u *tofree = NULL; char_u *tofree1 = NULL;
char_u *tofree2 = NULL;
int equal_arrow = **arg == '('; int equal_arrow = **arg == '(';
int white_error = FALSE; int white_error = FALSE;
@@ -582,6 +583,13 @@ get_lambda_tv(
} }
*arg = s; *arg = s;
// Skipping over linebreaks may make "ret_type" invalid, make a copy.
if (ret_type != NULL)
{
ret_type = vim_strsave(ret_type);
tofree2 = ret_type;
}
// Set up a flag for checking local variables and arguments. // Set up a flag for checking local variables and arguments.
if (evaluate) if (evaluate)
eval_lavars_used = &eval_lavars; eval_lavars_used = &eval_lavars;
@@ -605,7 +613,7 @@ get_lambda_tv(
if (evalarg != NULL) if (evalarg != NULL)
{ {
// avoid that the expression gets freed when another line break follows // avoid that the expression gets freed when another line break follows
tofree = evalarg->eval_tofree; tofree1 = evalarg->eval_tofree;
evalarg->eval_tofree = NULL; evalarg->eval_tofree = NULL;
} }
@@ -700,9 +708,10 @@ get_lambda_tv(
eval_lavars_used = old_eval_lavars; eval_lavars_used = old_eval_lavars;
if (evalarg != NULL && evalarg->eval_tofree == NULL) if (evalarg != NULL && evalarg->eval_tofree == NULL)
evalarg->eval_tofree = tofree; evalarg->eval_tofree = tofree1;
else else
vim_free(tofree); vim_free(tofree1);
vim_free(tofree2);
if (types_optional) if (types_optional)
ga_clear_strings(&argtypes); ga_clear_strings(&argtypes);
return OK; return OK;
@@ -715,9 +724,10 @@ errret:
vim_free(fp); vim_free(fp);
vim_free(pt); vim_free(pt);
if (evalarg != NULL && evalarg->eval_tofree == NULL) if (evalarg != NULL && evalarg->eval_tofree == NULL)
evalarg->eval_tofree = tofree; evalarg->eval_tofree = tofree1;
else else
vim_free(tofree); vim_free(tofree1);
vim_free(tofree2);
eval_lavars_used = old_eval_lavars; eval_lavars_used = old_eval_lavars;
return FAIL; return FAIL;
} }

2
src/version.c
View File

@@ -750,6 +750,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
2364,
/**/ /**/
2363, 2363,
/**/ /**/