diff options
| author | Bram Moolenaar <Bram@vim.org> | 2022-12-12 18:56:32 +0000 |
|---|---|---|
| committer | Bram Moolenaar <Bram@vim.org> | 2022-12-12 18:56:32 +0000 |
| commit | 6342e2c5a6570231aefabd8e34c2f2cb22f6927a (patch) | |
| tree | 68f2498cf9c05c16d55cd0d6953a1df65540c7f1 | |
| parent | 67578e5bcf7404d40d42876b738b72e68add1a3e (diff) | |
| download | vim-git-6342e2c5a6570231aefabd8e34c2f2cb22f6927a.tar.gz | |
patch 9.0.1050: using freed memory when assigning to variable twicev9.0.1050
Problem: Using freed memory when assigning to variable twice.
Solution: Make copy of the list type. (closes #11691)
| -rw-r--r-- | src/testdir/test_vim9_script.vim | 30 | ||||
| -rw-r--r-- | src/version.c | 2 | ||||
| -rw-r--r-- | src/vim9type.c | 3 |
3 files changed, 34 insertions, 1 deletions
diff --git a/src/testdir/test_vim9_script.vim b/src/testdir/test_vim9_script.vim index b6e1a89d2..c489ae55d 100644 --- a/src/testdir/test_vim9_script.vim +++ b/src/testdir/test_vim9_script.vim @@ -4519,6 +4519,36 @@ def Test_echo_uninit_variables() endif enddef +def Test_free_type_before_use() + # this rather complicated script was freeing a type before using it + var lines =<< trim END + vim9script + + def Scan(rel: list<dict<any>>): func(func(dict<any>)) + return (Emit: func(dict<any>)) => { + for t in rel + Emit(t) + endfor + } + enddef + + def Build(Cont: func(func(dict<any>))): list<dict<any>> + var rel: list<dict<any>> = [] + Cont((t) => { + add(rel, t) + }) + return rel + enddef + + var R = [{A: 0}] + var result = Scan(R)->Build() + result = Scan(R)->Build() + + assert_equal(R, result) + END + v9.CheckScriptSuccess(lines) +enddef + " Keep this last, it messes up highlighting. def Test_substitute_cmd() new diff --git a/src/version.c b/src/version.c index 48d9250cb..f72d53796 100644 --- a/src/version.c +++ b/src/version.c @@ -696,6 +696,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 1050, +/**/ 1049, /**/ 1048, diff --git a/src/vim9type.c b/src/vim9type.c index f36fa5eea..5d37ac5dc 100644 --- a/src/vim9type.c +++ b/src/vim9type.c @@ -403,7 +403,8 @@ typval2type_int(typval_T *tv, int copyID, garray_T *type_gap, int flags) if (l->lv_type != NULL && (l->lv_first == NULL || (flags & TVTT_MORE_SPECIFIC) == 0 || l->lv_type->tt_member != &t_any)) - return l->lv_type; + // make a copy, lv_type may be freed if the list is freed + return copy_type(l->lv_type, type_gap); if (l->lv_first == &range_list_item) return &t_list_number; if (l->lv_copyID == copyID) |