Mercurial > vim

changeset 21064:6dc8625889fe v8.2.1083

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.1083: crash when using reduce() on a NULL list Commit: https://github.com/vim/vim/commit/fda20c4cc59008264676a6deb6a3095ed0c248e0 Author: Bram Moolenaar <Bram@vim.org> Date: Mon Jun 29 20:09:36 2020 +0200 patch 8.2.1083: crash when using reduce() on a NULL list Problem: Crash when using reduce() on a NULL list. Solution: Only access the list when not NULL.
author Bram Moolenaar <Bram@vim.org>
date Mon, 29 Jun 2020 20:15:04 +0200
parents 13d20724efa1
children 7758191b9cd5
files src/list.c src/testdir/test_listdict.vim src/version.c
diffstat 3 files changed, 23 insertions(+), 13 deletions(-) [+]
line wrap: on
line diff
--- a/src/list.c
+++ b/src/list.c
@@ -2475,10 +2475,10 @@ f_reduce(typval_T *argvars, typval_T *re
 	list_T	    *l = argvars[0].vval.v_list;
 	listitem_T  *li = NULL;
 	int	    r;
-	int	    prev_locked = l->lv_lock;
 	int	    called_emsg_start = called_emsg;
 
-	CHECK_LIST_MATERIALIZE(l);
+	if (l != NULL)
+	    CHECK_LIST_MATERIALIZE(l);
 	if (argvars[2].v_type == VAR_UNKNOWN)
 	{
 	    if (l == NULL || l->lv_first == NULL)
@@ -2495,20 +2495,25 @@ f_reduce(typval_T *argvars, typval_T *re
 	    if (l != NULL)
 		li = l->lv_first;
 	}
+	copy_tv(&initial, rettv);
 
-	l->lv_lock = VAR_FIXED;  // disallow the list changing here
-	copy_tv(&initial, rettv);
-	for ( ; li != NULL; li = li->li_next)
+	if (l != NULL)
 	{
-	    argv[0] = *rettv;
-	    argv[1] = li->li_tv;
-	    rettv->v_type = VAR_UNKNOWN;
-	    r = call_func(func_name, -1, rettv, 2, argv, &funcexe);
-	    clear_tv(&argv[0]);
-	    if (r == FAIL || called_emsg != called_emsg_start)
-		break;
+	    int	    prev_locked = l->lv_lock;
+
+	    l->lv_lock = VAR_FIXED;  // disallow the list changing here
+	    for ( ; li != NULL; li = li->li_next)
+	    {
+		argv[0] = *rettv;
+		argv[1] = li->li_tv;
+		rettv->v_type = VAR_UNKNOWN;
+		r = call_func(func_name, -1, rettv, 2, argv, &funcexe);
+		clear_tv(&argv[0]);
+		if (r == FAIL || called_emsg != called_emsg_start)
+		    break;
+	    }
+	    l->lv_lock = prev_locked;
 	}
-	l->lv_lock = prev_locked;
     }
     else
     {
--- a/src/testdir/test_listdict.vim
+++ b/src/testdir/test_listdict.vim
@@ -718,6 +718,9 @@ func Test_reduce()
   call assert_fails("call reduce(g:lut, { acc, val -> EvilRemove() }, 1)", 'E742:')
   unlet g:lut
   delfunc EvilRemove
+
+  call assert_equal(42, reduce(test_null_list(), function('add'), 42))
+  call assert_equal(42, reduce(test_null_blob(), function('add'), 42))
 endfunc
 
 " splitting a string to a List using split()
--- a/src/version.c
+++ b/src/version.c
@@ -755,6 +755,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1083,
+/**/
     1082,
 /**/
     1081,