Mercurial > vim
comparison src/vim9execute.c @ 26747:a8a4e1e7b111 v8.2.3902
patch 8.2.3902: Vim9: double free with nested :def function
Commit: https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04
Author: Bram Moolenaar <Bram@vim.org>
Date: Sun Dec 26 14:23:22 2021 +0000
patch 8.2.3902: Vim9: double free with nested :def function
Problem: Vim9: double free with nested :def function.
Solution: Pass "line_to_free" from compile_def_function() and make sure
cmdlinep is valid.
| author | Bram Moolenaar <Bram@vim.org> |
|---|---|
| date | Sun, 26 Dec 2021 15:30:02 +0100 |
| parents | b969fdb8cd46 |
| children | fc859aea8cec |
comparison
equal
deleted
inserted
replaced
| 26746:57551c0135af | 26747:a8a4e1e7b111 |
|---|---|
| 3343 if (iptr->isn_arg.string == NULL) | 3343 if (iptr->isn_arg.string == NULL) |
| 3344 list_functions(NULL); | 3344 list_functions(NULL); |
| 3345 else | 3345 else |
| 3346 { | 3346 { |
| 3347 exarg_T ea; | 3347 exarg_T ea; |
| 3348 char_u *line_to_free = NULL; | |
| 3348 | 3349 |
| 3349 CLEAR_FIELD(ea); | 3350 CLEAR_FIELD(ea); |
| 3350 ea.cmd = ea.arg = iptr->isn_arg.string; | 3351 ea.cmd = ea.arg = iptr->isn_arg.string; |
| 3351 define_function(&ea, NULL); | 3352 define_function(&ea, NULL, &line_to_free); |
| 3353 vim_free(line_to_free); | |
| 3352 } | 3354 } |
| 3353 break; | 3355 break; |
| 3354 | 3356 |
| 3355 // jump if a condition is met | 3357 // jump if a condition is met |
| 3356 case ISN_JUMP: | 3358 case ISN_JUMP: |