Mercurial > vim
changeset 29763:c0debb5290b5 v9.0.0221
patch 9.0.0221: accessing freed memory if compiling nested function fails
Commit: https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494
Author: Bram Moolenaar <Bram@vim.org>
Date: Tue Aug 16 19:34:44 2022 +0100
patch 9.0.0221: accessing freed memory if compiling nested function fails
Problem: Accessing freed memory if compiling nested function fails.
Solution: Mess up the variable name so that it won't be found.
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Tue, 16 Aug 2022 20:45:03 +0200 |
parents | 13b522cb29d9 |
children | c99cffeb155d |
files | src/testdir/test_vim9_func.vim src/version.c src/vim9compile.c |
diffstat | 3 files changed, 19 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/testdir/test_vim9_func.vim +++ b/src/testdir/test_vim9_func.vim @@ -911,6 +911,18 @@ def Test_nested_function() v9.CheckScriptFailure(lines, 'E1173: Text found after enddef: burp', 3) enddef +def Test_nested_function_fails() + var lines =<< trim END + def T() + def Func(g: string):string + enddef + Func() + enddef + silent! defcompile + END + v9.CheckScriptFailure(lines, 'E1069:') +enddef + def Test_not_nested_function() echo printf('%d', function('len')('xxx'))
--- a/src/version.c +++ b/src/version.c @@ -736,6 +736,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 221, +/**/ 220, /**/ 219,
--- a/src/vim9compile.c +++ b/src/vim9compile.c @@ -830,6 +830,7 @@ compile_nested_function(exarg_T *eap, cc int r = FAIL; compiletype_T compile_type; isn_T *funcref_isn = NULL; + lvar_T *lvar = NULL; if (eap->forceit) { @@ -936,9 +937,8 @@ compile_nested_function(exarg_T *eap, cc else { // Define a local variable for the function reference. - lvar_T *lvar = reserve_local(cctx, func_name, name_end - name_start, + lvar = reserve_local(cctx, func_name, name_end - name_start, TRUE, ufunc->uf_func_type); - if (lvar == NULL) goto theend; if (generate_FUNCREF(cctx, ufunc, &funcref_isn) == FAIL) @@ -957,6 +957,9 @@ compile_nested_function(exarg_T *eap, cc && compile_def_function(ufunc, TRUE, compile_type, cctx) == FAIL) { func_ptr_unref(ufunc); + if (lvar != NULL) + // Now the local variable can't be used. + *lvar->lv_name = '/'; // impossible value goto theend; }