Mercurial > vim
changeset 25784:8dfcee931c6c v8.2.3427
patch 8.2.3427: double free when list is copied
Commit: https://github.com/vim/vim/commit/b3bf33a7b227df871834e816c4ce4b2706b56bea
Author: Bram Moolenaar <Bram@vim.org>
Date: Sat Sep 11 20:20:38 2021 +0200
patch 8.2.3427: double free when list is copied
Problem: Double free when list is copied.
Solution: Allocate the type when making a copy. (closes https://github.com/vim/vim/issues/8862)
Clear the type for flattennew(). Avoid a memory leak when
flattennew() fails.
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Sat, 11 Sep 2021 20:30:04 +0200 |
parents | aee42bda9b8a |
children | 468662f24b0a |
files | src/list.c src/testdir/test_vim9_builtin.vim src/version.c |
diffstat | 3 files changed, 19 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/src/list.c +++ b/src/list.c @@ -952,7 +952,10 @@ list_flatten(list_T *list, long maxdepth vimlist_remove(list, item, item); if (list_extend(list, item->li_tv.vval.v_list, next) == FAIL) + { + list_free_item(list, item); return; + } clear_tv(&item->li_tv); tofree = item; @@ -1023,6 +1026,9 @@ flatten_common(typval_T *argvars, typval rettv->vval.v_list = l; if (l == NULL) return; + // The type will change. + free_type(l->lv_type); + l->lv_type = NULL; } else { @@ -1217,7 +1223,7 @@ list_copy(list_T *orig, int deep, int co copy = list_alloc(); if (copy != NULL) { - copy->lv_type = orig->lv_type; + copy->lv_type = alloc_type(orig->lv_type); if (copyID != 0) { // Do this before adding the items, because one of the items may
--- a/src/testdir/test_vim9_builtin.vim +++ b/src/testdir/test_vim9_builtin.vim @@ -1090,6 +1090,13 @@ def Test_findfile() CheckDefAndScriptFailure2(['findfile("a", "b", "c")'], 'E1013: Argument 3: type mismatch, expected number but got string', 'E1210: Number required for argument 3') enddef +def Test_flatten() + var lines =<< trim END + echo flatten([1, 2, 3]) + END + CheckDefAndScriptFailure(lines, 'E1158:') +enddef + def Test_flattennew() var lines =<< trim END var l = [1, [2, [3, 4]], 5] @@ -1098,13 +1105,12 @@ def Test_flattennew() call assert_equal([1, 2, [3, 4], 5], flattennew(l, 1)) call assert_equal([1, [2, [3, 4]], 5], l) + + var ll: list<list<string>> = [['a', 'b', 'c']] + assert_equal(['a', 'b', 'c'], ll->flattennew()) END CheckDefAndScriptSuccess(lines) - lines =<< trim END - echo flatten([1, 2, 3]) - END - CheckDefAndScriptFailure(lines, 'E1158:') CheckDefAndScriptFailure2(['flattennew({})'], 'E1013: Argument 1: type mismatch, expected list<any> but got dict<unknown>', 'E1211: List required for argument 1') CheckDefAndScriptFailure2(['flattennew([], "1")'], 'E1013: Argument 2: type mismatch, expected number but got string', 'E1210: Number required for argument 2') enddef