Mercurial > vim
diff src/channel.c @ 8074:dc32c8026899 v7.4.1331
commit https://github.com/vim/vim/commit/d46ae142aa9452e99576b5e923de974704e3c896
Author: Bram Moolenaar <Bram@vim.org>
Date: Tue Feb 16 13:33:52 2016 +0100
patch 7.4.1331
Problem: Crash when closing the channel in a callback. (Christian J.
Robinson)
Solution: Take the callback out of the list before invoking it.
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Tue, 16 Feb 2016 13:45:04 +0100 |
| parents | 38887bf423ba |
| children | b6cb94ad97a4 |
line wrap: on
line diff
--- a/src/channel.c +++ b/src/channel.c @@ -888,8 +888,7 @@ channel_parse_json(channel_T *channel) } /* - * Remove "node" from the queue that it is in and free it. - * Also frees the contained callback name. + * Remove "node" from the queue that it is in. Does not free it. */ static void remove_cb_node(cbq_T *head, cbq_T *node) @@ -902,8 +901,6 @@ remove_cb_node(cbq_T *head, cbq_T *node) head->cq_prev = node->cq_prev; else node->cq_next->cq_prev = node->cq_prev; - vim_free(node->cq_callback); - vim_free(node); } /* @@ -1144,8 +1141,12 @@ may_invoke_callback(channel_T *channel) if (item->cq_seq_nr == seq_nr) { ch_log(channel, "Invoking one-time callback\n"); + /* Remove the item from the list first, if the callback + * invokes ch_close() the list will be cleared. */ + remove_cb_node(head, item); invoke_callback(channel, item->cq_callback, argv); - remove_cb_node(head, item); + vim_free(item->cq_callback); + vim_free(item); done = TRUE; break; } @@ -1329,7 +1330,13 @@ channel_clear(channel_T *channel) vim_free(channel_get(channel)); while (cb_head->cq_next != NULL) - remove_cb_node(cb_head, cb_head->cq_next); + { + cbq_T *node = cb_head->cq_next; + + remove_cb_node(cb_head, node); + vim_free(node->cq_callback); + vim_free(node); + } while (json_head->jq_next != NULL) {