vim: src/vim9compile.c comparison

comparison src/vim9compile.c @ 21979:a98211c3e14e v8.2.1539

patch 8.2.1539: using invalid script ID causes a crash Commit: https://github.com/vim/vim/commit/e3d4685f1f716e0c516332101d85e0930f20fc59 Author: Bram Moolenaar <Bram@vim.org> Date: Sat Aug 29 13:39:17 2020 +0200 patch 8.2.1539: using invalid script ID causes a crash Problem: Using invalid script ID causes a crash. Solution: Check the script ID to be valid. (closes https://github.com/vim/vim/issues/6804)

author	Bram Moolenaar <Bram@vim.org>
date	Sat, 29 Aug 2020 13:45:03 +0200
parents	bf956766afa8
children	a9e60176dcd3

comparison

equal deleted inserted replaced

-:3c923f3b100f
+:a98211c3e14e
 dictitem_T	    *di;
 scriptitem_T    *si = SCRIPT_ITEM(sid);
 int		    idx;
 // First look the name up in the hashtable.
-if (sid <= 0 || sid > script_items.ga_len)
+if (!SCRIPT_ID_VALID(sid))
 	return -1;
 ht = &SCRIPT_VARS(sid);
 di = find_var_in_ht(ht, 0, name, TRUE);
 if (di == NULL)
 	return -2;
 imported_T *
 find_imported(char_u *name, size_t len, cctx_T *cctx)
 {
 int		    idx;
-if (current_sctx.sc_sid <= 0)
+if (!SCRIPT_ID_VALID(current_sctx.sc_sid))
 	return NULL;
 if (cctx != NULL)
 	for (idx = 0; idx < cctx->ctx_imports.ga_len; ++idx)
 	{
 	    imported_T *import = ((imported_T *)cctx->ctx_imports.ga_data)
 }
 imported_T *
 find_imported_in_script(char_u *name, size_t len, int sid)
 {
-scriptitem_T    *si = SCRIPT_ITEM(sid);
+scriptitem_T    *si;
 int		    idx;
+if (!SCRIPT_ID_VALID(sid))
+	return NULL;
+si = SCRIPT_ITEM(sid);
 for (idx = 0; idx < si->sn_imports.ga_len; ++idx)
 {
 	imported_T *import = ((imported_T *)si->sn_imports.ga_data) + idx;
 	if (len == 0 ? STRCMP(name, import->imp_name) == 0
 	char_u *name,	    // variable NUL terminated
 	char_u *start,	    // start of variable
 	char_u **end,	    // end of variable
 	int    error)	    // when TRUE may give error
 {
-scriptitem_T    *si = SCRIPT_ITEM(current_sctx.sc_sid);
+scriptitem_T    *si;
-int		    idx = get_script_item_idx(current_sctx.sc_sid, name, FALSE);
+int		    idx;
 imported_T	    *import;
+if (!SCRIPT_ID_VALID(current_sctx.sc_sid))
+	return FAIL;
+si = SCRIPT_ITEM(current_sctx.sc_sid);
+idx = get_script_item_idx(current_sctx.sc_sid, name, FALSE);
 if (idx == -1 || si->sn_version != SCRIPT_VERSION_VIM9)
 {
 	// variable is not in sn_var_vals: old style script.
 	return generate_OLDSCRIPT(cctx, ISN_LOADS, name, current_sctx.sc_sid,
 								       &t_any);
 			// existing script-local variables should have a type
 			scriptvar_sid = current_sctx.sc_sid;
 			if (import != NULL)
 			    scriptvar_sid = import->imp_sid;
-			scriptvar_idx = get_script_item_idx(scriptvar_sid,
+			if (SCRIPT_ID_VALID(scriptvar_sid))
+			{
+			    scriptvar_idx = get_script_item_idx(scriptvar_sid,
 								rawname, TRUE);
-			if (scriptvar_idx >= 0)
+			    if (scriptvar_idx > 0)
-			{
+			    {
-			    scriptitem_T *si = SCRIPT_ITEM(scriptvar_sid);
+				scriptitem_T *si = SCRIPT_ITEM(scriptvar_sid);
-			    svar_T	     *sv =
+				svar_T	     *sv =
 					    ((svar_T *)si->sn_var_vals.ga_data)
 							       + scriptvar_idx;
-			    type = sv->sv_type;
+				type = sv->sv_type;
+			    }
 			}
 		    }
 		    else if (name[1] == ':' && name[2] != NUL)
 		    {
 			semsg(_(e_cannot_use_namespaced_variable), name);

Mercurial > vim

comparison src/vim9compile.c @ 21979:a98211c3e14e v8.2.1539