Mercurial > vim

diff src/vim9execute.c @ 28125:ed151877ebac v8.2.4587
patch 8.2.4587: Vim9: double free after unpacking a list Commit: https://github.com/vim/vim/commit/61efa16932d485fc724e4b94a8e7078a176c9946 Author: Bram Moolenaar <Bram@vim.org> Date: Fri Mar 18 13:10:48 2022 +0000 patch 8.2.4587: Vim9: double free after unpacking a list Problem: Vim9: double free after unpacking a list. Solution: Make a copy of the value instead of moving it. (closes https://github.com/vim/vim/issues/9968)
author: Bram Moolenaar <Bram@vim.org>
date: Fri, 18 Mar 2022 14:15:04 +0100
parents: 3bc0a639dfb0
children: d8bf200cd761
--- a/src/vim9execute.c
+++ b/src/vim9execute.c
@@ -4773,7 +4773,10 @@ exec_instructions(ectx_T *ectx)
 			    li = li->li_next;
 			for (i = 0; li != NULL; ++i)
 			{
-			    list_set_item(rem_list, i, &li->li_tv);
+			    typval_T tvcopy;
+
+			    copy_tv(&li->li_tv, &tvcopy);
+			    list_set_item(rem_list, i, &tvcopy);
 			    li = li->li_next;
 			}
 			--count;
author	Bram Moolenaar <Bram@vim.org>
date	Fri, 18 Mar 2022 14:15:04 +0100
parents	3bc0a639dfb0
children	d8bf200cd761