patch 9.0.2115: crash when callback function aborts because of recursiveness

Problem:  crash when callback function aborts because of recursiveness
Solution: correctly initialize rettv

Initialize rettv in invoke_popup_callback()

Since v9.0.2030, call_callback may exit early when the callback recurses
too much.  This meant that call_func, which would set rettv->v_type =
VAR_UNKNOWN, was not being called.

Without rettv->v_type being explicitly set, it still contained whatever
garbage was used to initialize the stack value in invoke_popup_callback.
This would lead to possible crashes when calling clear_tv(&rettv).

Rather than rely on action at a distance, explicitly initialize rettv's
type to VAR_UNKNOWN so clear_tv can tell nothing needs to be done.

closes: #13495
closes: #13545
Signed-off-by: James McCoy <jamessan@jamessan.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/popupwin.c b/src/popupwin.c
index de604858c4df89900dbeb44af6d6ee9969223782..64bb0b5be834e1476e85602890e82ce654883e0f 100644 (file)
--- a/src/popupwin.c
+++ b/src/popupwin.c
@@ -2382,6 +2382,8 @@ invoke_popup_callback(win_T *wp, typval_T *result)
     typval_T   rettv;
     typval_T   argv[3];
 
+    rettv.v_type = VAR_UNKNOWN;
+
     argv[0].v_type = VAR_NUMBER;
     argv[0].vval.v_number = (varnumber_T)wp->w_id;
 

diff --git a/src/version.c b/src/version.c
index 2a0a6e77dd25aa2b08a2559113a0a11cf3b8521f..5dbfc5d0837d347ebbfba1254ed86491de50fa3e 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    2115,
 /**/
     2114,
 /**/