# HG changeset patch # User Christian Brabandt # Date 1700388009 -3600 # Node ID 67fa901a2fc6cbc2c1fe350251183e90267e5ae6 # Parent 5100c01a1f1d28c8b9c63d803017896c0e51460c patch 9.0.2115: crash when callback function aborts because of recursiveness Commit: https://github.com/vim/vim/commit/6701abfb522ec1d2ac18a04495ea874b94496ca6 Author: Christian Brabandt Date: Sun Nov 19 10:52:50 2023 +0100 patch 9.0.2115: crash when callback function aborts because of recursiveness Problem: crash when callback function aborts because of recursiveness Solution: correctly initialize rettv Initialize rettv in invoke_popup_callback() Since v9.0.2030, call_callback may exit early when the callback recurses too much. This meant that call_func, which would set rettv->v_type = VAR_UNKNOWN, was not being called. Without rettv->v_type being explicitly set, it still contained whatever garbage was used to initialize the stack value in invoke_popup_callback. This would lead to possible crashes when calling clear_tv(&rettv). Rather than rely on action at a distance, explicitly initialize rettv's type to VAR_UNKNOWN so clear_tv can tell nothing needs to be done. closes: #13495 closes: #13545 Signed-off-by: James McCoy Signed-off-by: Christian Brabandt
diff --git a/src/popupwin.c b/src/popupwin.c
--- a/src/popupwin.c
+++ b/src/popupwin.c
@@ -2382,6 +2382,8 @@ invoke_popup_callback(win_T *wp, typval_
 typval_T rettv;
 typval_T argv[3];
+ rettv.v_type = VAR_UNKNOWN;
+
 argv[0].v_type = VAR_NUMBER;
 argv[0].vval.v_number = (varnumber_T)wp->w_id;
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
@@ -705,6 +705,8 @@ static char *(features[]) =
 static int included_patches[] =
 { /* Add new patch number below this line */
 /**/
+ 2115,
+/**/
 2114,
 /**/
 2113,
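Review bot: The added `rettv.v_type = VAR_UNKNOWN;` in the popupwin.c hunk has no comment, so the reason for it is recorded only in the commit message. Per that message, call_callback() can return before call_func() sets the type, after which clear_tv(&rettv) acts on uninitialized stack contents, so this is a memory-safety fix and not a cosmetic one. I would put `// call_callback() may return early without setting rettv; keep clear_tv() safe` above the assignment so a later cleanup does not drop it as redundant. Other callers that pass a stack typval_T to call_callback() and then to clear_tv() may carry the same latent problem; none are visible here, so it is worth checking whether call_callback() should set the type itself on its early-exit path. No regression test is visible in this patch, and the body of invoke_popup_callback continues outside the hunk.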