# HG changeset patch
# User Bram Moolenaar <Bram@vim.org>
# Date 1619355604 -7200
# Node ID df90c61c306cc08a4b988f11bb70ad5583f54b38
# Parent  e0bc78dd25eefe3341cc88e5b1b8e3215485df49
patch 8.2.2810: Vim9: crash when calling a function in a substitute expression

Commit: https://github.com/vim/vim/commit/d386e923c751f389b2ac038ff2cb7b40035f8cc6
Author: Bram Moolenaar <Bram@vim.org>
Date:   Sun Apr 25 14:48:49 2021 +0200

    patch 8.2.2810: Vim9: crash when calling a function in a substitute expression

    Problem:    Vim9: crash when calling a function in a substitute expression.
    Solution:   Set the instructions back to the substitute expression
                instrunctions. (closes #8148)

diff --git a/src/testdir/test_vim9_cmd.vim b/src/testdir/test_vim9_cmd.vim
--- a/src/testdir/test_vim9_cmd.vim
+++ b/src/testdir/test_vim9_cmd.vim
@@ -1194,10 +1194,31 @@ def Test_substitute_expr()
   endfor
   assert_equal('yes no abc', getline(1))
 
+  bwipe!
+
   CheckDefFailure(['s/from/\="x")/'], 'E488:')
   CheckDefFailure(['s/from/\="x"/9'], 'E488:')
 
-  bwipe!
+  # When calling a function the right instruction list needs to be restored.
+  var lines =<< trim END
+      vim9script
+      def Foo()
+          Bar([])
+      enddef
+      def Bar(l: list<number>)
+          s/^/\=Rep()/
+          for n in l[:]
+          endfor
+      enddef
+      def Rep(): string
+          return 'rep'
+      enddef
+      new
+      Foo()
+      assert_equal('rep', getline(1))
+      bwipe!
+  END
+  CheckScriptSuccess(lines)
 enddef
 
 def Test_redir_to_var()
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
@@ -751,6 +751,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    2810,
+/**/
     2809,
 /**/
     2808,
diff --git a/src/vim9execute.c b/src/vim9execute.c
--- a/src/vim9execute.c
+++ b/src/vim9execute.c
@@ -601,6 +601,12 @@ func_return(ectx_T *ectx)
 				       + STACK_FRAME_IDX_OFF)->vval.v_number;
     ectx->ec_instr = INSTRUCTIONS(prev_dfunc);
 
+    // If the call was inside an ISN_SUBSTITUTE instruction need to use its
+    // list of instructions.
+    if (ectx->ec_instr[ectx->ec_iidx - 1].isn_type == ISN_SUBSTITUTE)
+	ectx->ec_instr = ectx->ec_instr[ectx->ec_iidx - 1]
+						      .isn_arg.subs.subs_instr;
+
     if (floc == NULL)
 	ectx->ec_funclocal.floc_restore_cmdmod = FALSE;
     else