patch 9.0.1142: crash and/or memory leak when redefining function v9.0.1142
authorBram Moolenaar <Bram@vim.org>
Wed, 4 Jan 2023 13:16:20 +0000 (13:16 +0000)
committerBram Moolenaar <Bram@vim.org>
Wed, 4 Jan 2023 13:16:20 +0000 (13:16 +0000)
Problem:    Crash and/or memory leak when redefining function after error.
Solution:   Clear pointer after making a copy.  Clear arrays on failure.
            (closes #11774)

src/userfunc.c
src/version.c

index 758b9eac5fa2580b9fc6b6fd7ed8629978800c30..46b6c91778882f1d449dd94029442aad30319ee4 100644 (file)
@@ -525,9 +525,9 @@ parse_argument_types(ufunc_T *fp, garray_T *argtypes, int varargs)
 
        // Move the last argument "...name: type" to uf_va_name and
        // uf_va_type.
-       fp->uf_va_name = ((char_u **)fp->uf_args.ga_data)
-                                             [fp->uf_args.ga_len - 1];
        --fp->uf_args.ga_len;
+       fp->uf_va_name = ((char_u **)fp->uf_args.ga_data)[fp->uf_args.ga_len];
+       ((char_u **)fp->uf_args.ga_data)[fp->uf_args.ga_len] = NULL;
        p = ((char_u **)argtypes->ga_data)[len];
        if (p == NULL)
            // TODO: get type from default value
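Review bot: The added `((char_u **)fp->uf_args.ga_data)[fp->uf_args.ga_len] = NULL;` line in parse_argument_types has no comment explaining why the vacated slot must be cleared, which is not obvious given that ga_len was already decremented. Judging by the comment this commit adds at `erret:` in define_function, uf_args shares its data array with the caller's "newargs", whose length is presumably not decremented, so a later ga_clear_strings(&newargs) would free the string that uf_va_name now owns. I would put `// Clear the slot: the array is shared with the caller's "newargs", which still counts this entry and would free it a second time.` above that line. The function starts and ends outside the hunk, so the condition guaranteeing ga_len > 0 before the decrement is not visible here.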
@@ -4787,7 +4787,7 @@ define_function(
     // invalid.
     ++p;
     if (get_function_args(&p, ')', &newargs,
-                       eap->cmdidx == CMD_def ? &argtypes : NULL, FALSE,
+                        eap->cmdidx == CMD_def ? &argtypes : NULL, FALSE,
                         NULL, &varargs, &default_args, eap->skip,
                         eap, in_class, &newlines, lines_to_free) == FAIL)
        goto errret_2;
@@ -5209,17 +5209,23 @@ define_function(
     goto ret_free;
 
 erret:
-    ga_clear_strings(&newargs);
-    ga_clear_strings(&default_args);
     if (fp != NULL)
     {
+       // these were set to "newargs" and "default_args", which are cleared
+       // below
        ga_init(&fp->uf_args);
        ga_init(&fp->uf_def_args);
     }
 errret_2:
+    ga_clear_strings(&newargs);
+    ga_clear_strings(&default_args);
     ga_clear_strings(&newlines);
     if (fp != NULL)
+    {
        VIM_CLEAR(fp->uf_arg_types);
+       VIM_CLEAR(fp->uf_va_name);
+       clear_type_list(&fp->uf_type_list);
+    }
     if (free_fp)
     {
        vim_free(fp);
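Review bot: In the `errret_2:` cleanup of define_function, `clear_type_list(&fp->uf_type_list)` now runs for every non-NULL fp, but fp is only freed when free_fp is set. If fp survives this path (presumably when an existing function is being redefined), any field still pointing at a type allocated in that list would dangle; uf_va_type, named in the parse_argument_types comment, looks like a candidate, though its assignment is outside the visible hunks. Consider resetting it next to the name, e.g. `fp->uf_va_type = NULL;` after `VIM_CLEAR(fp->uf_va_name);`, or add a comment stating that a surviving fp is never used with its old type pointers. define_function starts and ends outside the hunk.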
index 3bfa6d46ffe158fbb7b33abb08bf95664ea5e459..df02bb87b87dbd2ff06b2a993b296668a854d131 100644 (file)
@@ -695,6 +695,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1142,
 /**/
     1141,
 /**/