patch 9.0.2115: crash when callback function aborts because of recursiveness Commit: https://github.com/vim/vim/commit/6701abfb522ec1d2ac18a04495ea874b94496ca6 Author: Christian Brabandt <cb@256bit.org> Date: Sun Nov 19 10:52:50 2023 +0100 patch 9.0.2115: crash when callback function aborts because of recursiveness Problem: crash when callback function aborts because of recursiveness Solution: correctly initialize rettv Initialize rettv in invoke_popup_callback() Since v9.0.2030, call_callback may exit early when the callback recurses too much. This meant that call_func, which would set rettv->v_type = VAR_UNKNOWN, was not being called. Without rettv->v_type being explicitly set, it still contained whatever garbage was used to initialize the stack value in invoke_popup_callback. This would lead to possible crashes when calling clear_tv(&rettv). Rather than rely on action at a distance, explicitly initialize rettv's type to VAR_UNKNOWN so clear_tv can tell nothing needs to be done. closes: #13495 closes: #13545 Signed-off-by: James McCoy <jamessan@jamessan.com> Signed-off-by: Christian Brabandt <cb@256bit.org>

--- a/src/popupwin.c
+++ b/src/popupwin.c
@@ -2382,6 +2382,8 @@ invoke_popup_callback(win_T *wp, typval_
     typval_T	rettv;
     typval_T	argv[3];
 
+    rettv.v_type = VAR_UNKNOWN;
+
     argv[0].v_type = VAR_NUMBER;
     argv[0].vval.v_number = (varnumber_T)wp->w_id;
 

--- a/src/version.c
+++ b/src/version.c
@@ -705,6 +705,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    2115,
+/**/
     2114,
 /**/
     2113,