changeset 28125:ed151877ebac v8.2.4587

patch 8.2.4587: Vim9: double free after unpacking a list Commit: https://github.com/vim/vim/commit/61efa16932d485fc724e4b94a8e7078a176c9946 Author: Bram Moolenaar <Bram@vim.org> Date: Fri Mar 18 13:10:48 2022 +0000 patch 8.2.4587: Vim9: double free after unpacking a list Problem: Vim9: double free after unpacking a list. Solution: Make a copy of the value instead of moving it. (closes https://github.com/vim/vim/issues/9968)
author Bram Moolenaar <Bram@vim.org>
date Fri, 18 Mar 2022 14:15:04 +0100
parents 72a573de6f5a
children b8f593e7c080
files src/testdir/test_vim9_script.vim src/version.c src/vim9execute.c
diffstat 3 files changed, 13 insertions(+), 1 deletions(-) [+]
--- a/src/testdir/test_vim9_script.vim
+++ b/src/testdir/test_vim9_script.vim
@@ -2253,6 +2253,13 @@ def Test_for_loop_unpack()
         res->add(n)
       endfor
       assert_equal([2, 5], res)
+
+      var text: list<string> = ["hello there", "goodbye now"]
+      var splitted = ''
+      for [first; next] in mapnew(text, (i, v) => split(v))
+          splitted ..= string(first) .. string(next) .. '/'
+      endfor
+      assert_equal("'hello'['there']/'goodbye'['now']/", splitted)
   END
   v9.CheckDefAndScriptSuccess(lines)
 
--- a/src/version.c
+++ b/src/version.c
@@ -751,6 +751,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    4587,
+/**/
     4586,
 /**/
     4585,
--- a/src/vim9execute.c
+++ b/src/vim9execute.c
@@ -4773,7 +4773,10 @@ exec_instructions(ectx_T *ectx)
 			    li = li->li_next;
 			for (i = 0; li != NULL; ++i)
 			{
-			    list_set_item(rem_list, i, &li->li_tv);
+			    typval_T tvcopy;
+
+			    copy_tv(&li->li_tv, &tvcopy);
+			    list_set_item(rem_list, i, &tvcopy);
 			    li = li->li_next;
 			}
 			--count;
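Review bot: The new `copy_tv(&li->li_tv, &tvcopy)` in the remainder loop has no comment saying why the value is copied instead of passed straight to `list_set_item()`, and that copy is the entire fix. Going by the commit message, the source list keeps owning `li->li_tv`, so moving the same typval into `rem_list` left two owners and a double free once both lists were released. A why-comment above the copy would keep a later cleanup from removing it as redundant, e.g. `// rem_list must own its items: copy, the source list still owns li->li_tv`. This assumes `list_set_item()` stores the typval without taking its own reference, which is not visible here; exec_instructions() starts and ends outside the hunk.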