diff src/vim9execute.c @ 22401:df1d7a560b35 v8.2.1749

patch 8.2.1749: Vim9: crash when closure fails in nested function Commit: https://github.com/vim/vim/commit/c70bdab0b8a8262a3784084aa1e6271fee8452f1 Author: Bram Moolenaar <Bram@vim.org> Date: Sat Sep 26 19:59:38 2020 +0200 patch 8.2.1749: Vim9: crash when closure fails in nested function Problem: Vim9: crash when closure fails in nested function. Solution: Handle function returns before dereferencing remaining closures. (closes #7008)
author Bram Moolenaar <Bram@vim.org>
date Sat, 26 Sep 2020 20:00:03 +0200
parents a9fb7efa31d6
children 4097509ecc1e
--- a/src/vim9execute.c
+++ b/src/vim9execute.c
@@ -310,9 +310,12 @@ handle_closure_in_use(ectx_T *ectx, int 
     // Check if any created closure is still in use.
     for (idx = 0; idx < closure_count; ++idx)
     {
-	partial_T *pt = ((partial_T **)gap->ga_data)[gap->ga_len
-							- closure_count + idx];
-
+	partial_T   *pt;
+	int	    off = gap->ga_len - closure_count + idx;
+
+	if (off < 0)
+	    continue;  // count is off or already done
+	pt = ((partial_T **)gap->ga_data)[off];
 	if (pt->pt_refcount > 1)
 	{
 	    int refcount = pt->pt_refcount;
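Review bot: The `if (off < 0) continue;` guard in the loop of handle_closure_in_use() stops the read before the start of `gap->ga_data`, but it silently accepts a `closure_count` larger than `gap->ga_len`, and the comment "count is off or already done" does not say which of the two cases is expected. In that situation the later iterations still reach `off >= 0` and examine every entry left in the array, which may include partials not created by the function being unwound; this is inferred from the index arithmetic, since the origin of `closure_count` is outside the hunk. The loop body and the rest of the function continue past the hunk, so any later code that reuses `gap->ga_len - closure_count + idx` or subtracts `closure_count` from `ga_len` would need the same bound. Assuming `closure_count` is a local, clamping once before the loop with `if (closure_count > gap->ga_len) closure_count = gap->ga_len;` would cover all of those uses and let the comment state the invariant in one place.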
@@ -2734,14 +2737,14 @@ done:
     ret = OK;
 
 failed:
-    // Also deal with closures when failed, they may already be in use
-    // somewhere.
-    handle_closure_in_use(&ectx, FALSE);
-
     // When failed need to unwind the call stack.
     while (ectx.ec_frame_idx != initial_frame_idx)
 	func_return(&ectx);
 
+    // Deal with any remaining closures, they may be in use somewhere.
+    if (ectx.ec_funcrefs.ga_len > 0)
+	handle_closure_in_use(&ectx, FALSE);
+
     estack_pop();
     current_sctx = save_current_sctx;