summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBram Moolenaar <Bram@vim.org>2021-09-11 20:20:38 +0200
committerBram Moolenaar <Bram@vim.org>2021-09-11 20:20:38 +0200
commitb3bf33a7b227df871834e816c4ce4b2706b56bea (patch)
treed19c84a9eae05efb04ae17172dce8169b5288dc9
parent4b4b1b84eee70b74fa3bb57624533c65bafd8428 (diff)
downloadvim-git-8.2.3427.tar.gz
patch 8.2.3427: double free when list is copiedv8.2.3427
Problem: Double free when list is copied. Solution: Allocate the type when making a copy. (closes #8862) Clear the type for flattennew(). Avoid a memory leak when flattennew() fails.
-rw-r--r--src/list.c8
-rw-r--r--src/testdir/test_vim9_builtin.vim14
-rw-r--r--src/version.c2
3 files changed, 19 insertions, 5 deletions
diff --git a/src/list.c b/src/list.c
index 336bf3ba7..8e67a61db 100644
--- a/src/list.c
+++ b/src/list.c
@@ -952,7 +952,10 @@ list_flatten(list_T *list, long maxdepth)
vimlist_remove(list, item, item);
if (list_extend(list, item->li_tv.vval.v_list, next) == FAIL)
+ {
+ list_free_item(list, item);
return;
+ }
clear_tv(&item->li_tv);
tofree = item;
@@ -1023,6 +1026,9 @@ flatten_common(typval_T *argvars, typval_T *rettv, int make_copy)
rettv->vval.v_list = l;
if (l == NULL)
return;
+ // The type will change.
+ free_type(l->lv_type);
+ l->lv_type = NULL;
}
else
{
@@ -1217,7 +1223,7 @@ list_copy(list_T *orig, int deep, int copyID)
copy = list_alloc();
if (copy != NULL)
{
- copy->lv_type = orig->lv_type;
+ copy->lv_type = alloc_type(orig->lv_type);
if (copyID != 0)
{
// Do this before adding the items, because one of the items may
diff --git a/src/testdir/test_vim9_builtin.vim b/src/testdir/test_vim9_builtin.vim
index 95d4e4d85..5f22b333d 100644
--- a/src/testdir/test_vim9_builtin.vim
+++ b/src/testdir/test_vim9_builtin.vim
@@ -1090,6 +1090,13 @@ def Test_findfile()
CheckDefAndScriptFailure2(['findfile("a", "b", "c")'], 'E1013: Argument 3: type mismatch, expected number but got string', 'E1210: Number required for argument 3')
enddef
+def Test_flatten()
+ var lines =<< trim END
+ echo flatten([1, 2, 3])
+ END
+ CheckDefAndScriptFailure(lines, 'E1158:')
+enddef
+
def Test_flattennew()
var lines =<< trim END
var l = [1, [2, [3, 4]], 5]
@@ -1098,13 +1105,12 @@ def Test_flattennew()
call assert_equal([1, 2, [3, 4], 5], flattennew(l, 1))
call assert_equal([1, [2, [3, 4]], 5], l)
+
+ var ll: list<list<string>> = [['a', 'b', 'c']]
+ assert_equal(['a', 'b', 'c'], ll->flattennew())
END
CheckDefAndScriptSuccess(lines)
- lines =<< trim END
- echo flatten([1, 2, 3])
- END
- CheckDefAndScriptFailure(lines, 'E1158:')
CheckDefAndScriptFailure2(['flattennew({})'], 'E1013: Argument 1: type mismatch, expected list<any> but got dict<unknown>', 'E1211: List required for argument 1')
CheckDefAndScriptFailure2(['flattennew([], "1")'], 'E1013: Argument 2: type mismatch, expected number but got string', 'E1210: Number required for argument 2')
enddef
diff --git a/src/version.c b/src/version.c
index c98249b94..f82881fc0 100644
--- a/src/version.c
+++ b/src/version.c
@@ -756,6 +756,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 3427,
+/**/
3426,
/**/
3425,