Mercurial > vim

diff src/vim9compile.c @ 21979:a98211c3e14e v8.2.1539

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.1539: using invalid script ID causes a crash Commit: https://github.com/vim/vim/commit/e3d4685f1f716e0c516332101d85e0930f20fc59 Author: Bram Moolenaar <Bram@vim.org> Date: Sat Aug 29 13:39:17 2020 +0200 patch 8.2.1539: using invalid script ID causes a crash Problem: Using invalid script ID causes a crash. Solution: Check the script ID to be valid. (closes https://github.com/vim/vim/issues/6804)
author Bram Moolenaar <Bram@vim.org>
date Sat, 29 Aug 2020 13:45:03 +0200
parents bf956766afa8
children a9e60176dcd3
line wrap: on
line diff
--- a/src/vim9compile.c
+++ b/src/vim9compile.c
@@ -1661,7 +1661,7 @@ get_script_item_idx(int sid, char_u *nam
     int		    idx;
 
     // First look the name up in the hashtable.
-    if (sid <= 0 || sid > script_items.ga_len)
+    if (!SCRIPT_ID_VALID(sid))
 	return -1;
     ht = &SCRIPT_VARS(sid);
     di = find_var_in_ht(ht, 0, name, TRUE);
@@ -1692,7 +1692,7 @@ find_imported(char_u *name, size_t len, 
 {
     int		    idx;
 
-    if (current_sctx.sc_sid <= 0)
+    if (!SCRIPT_ID_VALID(current_sctx.sc_sid))
 	return NULL;
     if (cctx != NULL)
 	for (idx = 0; idx < cctx->ctx_imports.ga_len; ++idx)
@@ -1712,9 +1712,12 @@ find_imported(char_u *name, size_t len, 
     imported_T *
 find_imported_in_script(char_u *name, size_t len, int sid)
 {
-    scriptitem_T    *si = SCRIPT_ITEM(sid);
+    scriptitem_T    *si;
     int		    idx;
 
+    if (!SCRIPT_ID_VALID(sid))
+	return NULL;
+    si = SCRIPT_ITEM(sid);
     for (idx = 0; idx < si->sn_imports.ga_len; ++idx)
     {
 	imported_T *import = ((imported_T *)si->sn_imports.ga_data) + idx;
@@ -1966,10 +1969,14 @@ compile_load_scriptvar(
 	char_u **end,	    // end of variable
 	int    error)	    // when TRUE may give error
 {
-    scriptitem_T    *si = SCRIPT_ITEM(current_sctx.sc_sid);
-    int		    idx = get_script_item_idx(current_sctx.sc_sid, name, FALSE);
+    scriptitem_T    *si;
+    int		    idx;
     imported_T	    *import;
 
+    if (!SCRIPT_ID_VALID(current_sctx.sc_sid))
+	return FAIL;
+    si = SCRIPT_ITEM(current_sctx.sc_sid);
+    idx = get_script_item_idx(current_sctx.sc_sid, name, FALSE);
     if (idx == -1 || si->sn_version != SCRIPT_VERSION_VIM9)
     {
 	// variable is not in sn_var_vals: old style script.
@@ -4750,15 +4757,18 @@ compile_assignment(char_u *arg, exarg_T 
 			scriptvar_sid = current_sctx.sc_sid;
 			if (import != NULL)
 			    scriptvar_sid = import->imp_sid;
-			scriptvar_idx = get_script_item_idx(scriptvar_sid,
+			if (SCRIPT_ID_VALID(scriptvar_sid))
+			{
+			    scriptvar_idx = get_script_item_idx(scriptvar_sid,
 								rawname, TRUE);
-			if (scriptvar_idx >= 0)
-			{
-			    scriptitem_T *si = SCRIPT_ITEM(scriptvar_sid);
-			    svar_T	     *sv =
+			    if (scriptvar_idx > 0)
+			    {
+				scriptitem_T *si = SCRIPT_ITEM(scriptvar_sid);
+				svar_T	     *sv =
 					    ((svar_T *)si->sn_var_vals.ga_data)
 							       + scriptvar_idx;
-			    type = sv->sv_type;
+				type = sv->sv_type;
+			    }
 			}
 		    }
 		    else if (name[1] == ':' && name[2] != NUL)