changeset 22553:3ed3bed38e0f v8.2.1825

patch 8.2.1825: Vim9: accessing freed memory Commit: https://github.com/vim/vim/commit/d747548c664815bb6e8520afa90b6108e1997591 Author: Bram Moolenaar <Bram@vim.org> Date: Sat Oct 10 20:31:37 2020 +0200 patch 8.2.1825: Vim9: accessing freed memory Problem: Vim9: accessing freed memory. Solution: Clear sv_name when the variable is deleted.
author Bram Moolenaar <Bram@vim.org>
date Sat, 10 Oct 2020 20:45:04 +0200
parents 0296c106ec8b
children 0ecf643db435
files src/ex_eval.c src/version.c
diffstat 2 files changed, 21 insertions(+), 13 deletions(-) [+]
line wrap: on
line diff
--- a/src/ex_eval.c
+++ b/src/ex_eval.c
@@ -925,22 +925,28 @@ leave_block(cstack_T *cstack)
 
     if (in_vim9script())
     {
-	scriptitem_T *si = SCRIPT_ITEM(current_sctx.sc_sid);
+	scriptitem_T	*si = SCRIPT_ITEM(current_sctx.sc_sid);
+	hashtab_T	*ht = get_script_local_ht();
 
-	for (i = cstack->cs_script_var_len[cstack->cs_idx];
-					       i < si->sn_var_vals.ga_len; ++i)
+	if (ht != NULL)
 	{
-	    svar_T	*sv = ((svar_T *)si->sn_var_vals.ga_data) + i;
-	    hashtab_T	*ht = get_script_local_ht();
-	    hashitem_T	*hi;
-
-	    if (ht != NULL)
+	    for (i = cstack->cs_script_var_len[cstack->cs_idx];
+					       i < si->sn_var_vals.ga_len; ++i)
 	    {
-		// Remove a variable declared inside the block, if it still
-		// exists.
-		hi = hash_find(ht, sv->sv_name);
-		if (!HASHITEM_EMPTY(hi))
-		    delete_var(ht, hi);
+		svar_T	*sv = ((svar_T *)si->sn_var_vals.ga_data) + i;
+		hashitem_T	*hi;
+
+		if (sv->sv_name != NULL)
+		{
+		    // Remove a variable declared inside the block, if it still
+		    // exists.
+		    hi = hash_find(ht, sv->sv_name);
+		    if (!HASHITEM_EMPTY(hi))
+		    {
+			delete_var(ht, hi);
+			sv->sv_name = NULL;
+		    }
+		}
 	    }
 	}
     }
--- a/src/version.c
+++ b/src/version.c
@@ -751,6 +751,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1825,
+/**/
     1824,
 /**/
     1823,