patch 9.0.1830: Vim9: crash when accessing a null object

Problem:  Vim9: crash when accessing a null object
Solution: Check accessing a NULL object in def function

An object is NULL when the variable is declared, but the constructor
isn't called. Accessing/setting a member on the object crashed Vim.

Note: this happens inside def functions, at script level things work
differently. Accessing a NULL object member results in E1360
(correctly), while setting a value on it results in E1012 (type
mismatch) so there's still something to fix.

closes: #12973

Signed-off-by: Christian Brabandt <cb@256bit.org>
Co-authored-by: Gianmaria Bajo <mg1979.git@gmail.com>

diff --git a/src/testdir/test_vim9_class.vim b/src/testdir/test_vim9_class.vim
index 98db71d03ff0e0d78203df18ee4bfe525c76cf97..c859ee4e95401f7a3b317fe5d73ac172f2a47430 100644 (file)
--- a/src/testdir/test_vim9_class.vim
+++ b/src/testdir/test_vim9_class.vim
@@ -1180,6 +1180,61 @@ def Test_class_member()
   END
   v9.CheckScriptFailure(lines, 'E1010:')
 
+  # Test for setting a member on a null object
+  lines =<< trim END
+    vim9script
+    class A
+        this.val: string
+    endclass
+
+    def F()
+        var obj: A
+        obj.val = ""
+    enddef
+    F()
+  END
+  v9.CheckScriptFailure(lines, 'E1360: Using a null object')
+
+  # Test for accessing a member on a null object
+  lines =<< trim END
+    vim9script
+    class A
+        this.val: string
+    endclass
+
+    def F()
+        var obj: A
+        echo obj.val
+    enddef
+    F()
+  END
+  v9.CheckScriptFailure(lines, 'E1360: Using a null object')
+
+  # Test for setting a member on a null object, at script level
+  lines =<< trim END
+    vim9script
+    class A
+        this.val: string
+    endclass
+
+    var obj: A
+    obj.val = ""
+  END
+  # FIXME(in source): this should give E1360 as well!
+  v9.CheckScriptFailure(lines, 'E1012: Type mismatch; expected object<A> but got string')
+
+  # Test for accessing a member on a null object, at script level
+  lines =<< trim END
+    vim9script
+    class A
+        this.val: string
+    endclass
+
+    var obj: A
+    echo obj.val
+  END
+  v9.CheckScriptFailure(lines, 'E1360: Using a null object')
+
   # Test for no space before or after the '=' when initializing a member
   # variable
   lines =<< trim END

diff --git a/src/version.c b/src/version.c
index 634d6552956d8f86874de32580d63961586e2070..3aa10c6bed6381c45c52e132f728f29c59436cba 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -699,6 +699,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1830,
 /**/
     1829,
 /**/

diff --git a/src/vim9execute.c b/src/vim9execute.c
index 2eb6ba4cae92ff993079b881ba89b7e2a3ba1e65..b26934dc4740ca66e6ffbdc74b180d4ffa84824b 100644 (file)
--- a/src/vim9execute.c
+++ b/src/vim9execute.c
@@ -2147,7 +2147,14 @@ execute_storeindex(isn_T *iptr, ectx_T *ectx)
     // -1 dict, list, blob or object
     tv = STACK_TV_BOT(-3);
     SOURCING_LNUM = iptr->isn_lnum;
-    if (dest_type == VAR_ANY)
+
+    // Make sure an object has been initialized
+    if (dest_type == VAR_OBJECT && tv_dest->vval.v_object == NULL)
+    {
+       emsg(_(e_using_null_object));
+       status = FAIL;
+    }
+    else if (dest_type == VAR_ANY)
     {
        dest_type = tv_dest->v_type;
        if (dest_type == VAR_DICT)