Mercurial > vim
diff src/list.c @ 21064:6dc8625889fe v8.2.1083
patch 8.2.1083: crash when using reduce() on a NULL list
Commit: https://github.com/vim/vim/commit/fda20c4cc59008264676a6deb6a3095ed0c248e0
Author: Bram Moolenaar <Bram@vim.org>
Date: Mon Jun 29 20:09:36 2020 +0200
patch 8.2.1083: crash when using reduce() on a NULL list
Problem: Crash when using reduce() on a NULL list.
Solution: Only access the list when not NULL.
| author | Bram Moolenaar <Bram@vim.org> |
|---|---|
| date | Mon, 29 Jun 2020 20:15:04 +0200 |
| parents | 0ca7e04d39e3 |
| children | b0baa80cb53f |
line wrap: on
line diff
--- a/src/list.c +++ b/src/list.c @@ -2475,10 +2475,10 @@ f_reduce(typval_T *argvars, typval_T *re list_T *l = argvars[0].vval.v_list; listitem_T *li = NULL; int r; - int prev_locked = l->lv_lock; int called_emsg_start = called_emsg; - CHECK_LIST_MATERIALIZE(l); + if (l != NULL) + CHECK_LIST_MATERIALIZE(l); if (argvars[2].v_type == VAR_UNKNOWN) { if (l == NULL || l->lv_first == NULL) @@ -2495,20 +2495,25 @@ f_reduce(typval_T *argvars, typval_T *re if (l != NULL) li = l->lv_first; } + copy_tv(&initial, rettv); - l->lv_lock = VAR_FIXED; // disallow the list changing here - copy_tv(&initial, rettv); - for ( ; li != NULL; li = li->li_next) + if (l != NULL) { - argv[0] = *rettv; - argv[1] = li->li_tv; - rettv->v_type = VAR_UNKNOWN; - r = call_func(func_name, -1, rettv, 2, argv, &funcexe); - clear_tv(&argv[0]); - if (r == FAIL || called_emsg != called_emsg_start) - break; + int prev_locked = l->lv_lock; + + l->lv_lock = VAR_FIXED; // disallow the list changing here + for ( ; li != NULL; li = li->li_next) + { + argv[0] = *rettv; + argv[1] = li->li_tv; + rettv->v_type = VAR_UNKNOWN; + r = call_func(func_name, -1, rettv, 2, argv, &funcexe); + clear_tv(&argv[0]); + if (r == FAIL || called_emsg != called_emsg_start) + break; + } + l->lv_lock = prev_locked; } - l->lv_lock = prev_locked; } else {