Mercurial > vim

changeset 17127:d244a9be99db v8.1.1563

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.1.1563: crash when using closures commit https://github.com/vim/vim/commit/6e5000d493b4f385f901eb97f3ce0c8088373403 Author: Bram Moolenaar <Bram@vim.org> Date: Mon Jun 17 21:18:41 2019 +0200 patch 8.1.1563: crash when using closures Problem: Crash when using closures. Solution: Set reference in varlist of funccal when running the garbage collector. (Ozaki Kiichi, closes #4554, closes #4547)
author Bram Moolenaar <Bram@vim.org>
date Mon, 17 Jun 2019 21:30:08 +0200
parents e35620f6d395
children ba266d95db3f
files src/testdir/test_vimscript.vim src/userfunc.c src/version.c
diffstat 3 files changed, 26 insertions(+), 15 deletions(-) [+]
line wrap: on
line diff
--- a/src/testdir/test_vimscript.vim
+++ b/src/testdir/test_vimscript.vim
@@ -1665,6 +1665,17 @@ func Test_refcount()
     delfunc DictFunc
 endfunc
 
+func! Test_funccall_garbage_collect()
+    func Func(x, ...)
+        call add(a:x, a:000)
+    endfunc
+    call Func([], [])
+    " Must not crash cause by invalid freeing
+    call test_garbagecollect_now()
+    call assert_true(v:true)
+    delfunc Func
+endfunc
+
 "-------------------------------------------------------------------------------
 " Modelines								    {{{1
 " vim: ts=8 sw=4 tw=80 fdm=marker
--- a/src/userfunc.c
+++ b/src/userfunc.c
@@ -935,12 +935,9 @@ call_user_func(
 	    v->di_flags |= DI_FLAGS_RO | DI_FLAGS_FIX;
 	}
 
-	if (isdefault)
-	    v->di_tv = def_rettv;
-	else
-	    // Note: the values are copied directly to avoid alloc/free.
-	    // "argvars" must have VAR_FIXED for v_lock.
-	    v->di_tv = argvars[i];
+	// Note: the values are copied directly to avoid alloc/free.
+	// "argvars" must have VAR_FIXED for v_lock.
+	v->di_tv = isdefault ? def_rettv : argvars[i];
 	v->di_tv.v_lock = VAR_FIXED;
 
 	if (addlocal)
@@ -1540,7 +1537,6 @@ call_func(
 	}
     }
 
-
     /*
      * Execute the function if executing and no errors were detected.
      */
@@ -3998,13 +3994,13 @@ set_ref_in_previous_funccal(int copyID)
     int		abort = FALSE;
     funccall_T	*fc;
 
-    for (fc = previous_funccal; fc != NULL; fc = fc->caller)
+    for (fc = previous_funccal; !abort && fc != NULL; fc = fc->caller)
     {
 	fc->fc_copyID = copyID + 1;
-	abort = abort || set_ref_in_ht(&fc->l_vars.dv_hashtab, copyID + 1,
-									NULL);
-	abort = abort || set_ref_in_ht(&fc->l_avars.dv_hashtab, copyID + 1,
-									NULL);
+	abort = abort
+	    || set_ref_in_ht(&fc->l_vars.dv_hashtab, copyID + 1, NULL)
+	    || set_ref_in_ht(&fc->l_avars.dv_hashtab, copyID + 1, NULL)
+	    || set_ref_in_list(&fc->l_varlist, copyID + 1, NULL);
     }
     return abort;
 }
@@ -4017,9 +4013,11 @@ set_ref_in_funccal(funccall_T *fc, int c
     if (fc->fc_copyID != copyID)
     {
 	fc->fc_copyID = copyID;
-	abort = abort || set_ref_in_ht(&fc->l_vars.dv_hashtab, copyID, NULL);
-	abort = abort || set_ref_in_ht(&fc->l_avars.dv_hashtab, copyID, NULL);
-	abort = abort || set_ref_in_func(NULL, fc->func, copyID);
+	abort = abort
+	    || set_ref_in_ht(&fc->l_vars.dv_hashtab, copyID, NULL)
+	    || set_ref_in_ht(&fc->l_avars.dv_hashtab, copyID, NULL)
+	    || set_ref_in_list(&fc->l_varlist, copyID, NULL)
+	    || set_ref_in_func(NULL, fc->func, copyID);
     }
     return abort;
 }
--- a/src/version.c
+++ b/src/version.c
@@ -778,6 +778,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1563,
+/**/
     1562,
 /**/
     1561,