changeset 22401:df1d7a560b35 v8.2.1749

patch 8.2.1749: Vim9: crash when closure fails in nested function Commit: https://github.com/vim/vim/commit/c70bdab0b8a8262a3784084aa1e6271fee8452f1 Author: Bram Moolenaar <Bram@vim.org> Date: Sat Sep 26 19:59:38 2020 +0200 patch 8.2.1749: Vim9: crash when closure fails in nested function Problem: Vim9: crash when closure fails in nested function. Solution: Handle function returns before dereferencing remaining closures. (closes #7008)
author Bram Moolenaar <Bram@vim.org>
date Sat, 26 Sep 2020 20:00:03 +0200
parents 6fc35e257910
children 337df0dbfe0a
files src/testdir/test_vim9_func.vim src/version.c src/vim9execute.c
diffstat 3 files changed, 26 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/src/testdir/test_vim9_func.vim
+++ b/src/testdir/test_vim9_func.vim
@@ -1370,6 +1370,20 @@ def Test_double_closure_fails()
   CheckScriptSuccess(lines)
 enddef
 
+def Test_nested_closure_fails()
+  let lines =<< trim END
+    vim9script
+    def FuncA()
+      FuncB(0)
+    enddef
+    def FuncB(n: number): list<string>
+      return map([0], {_, v -> n})
+    enddef
+    FuncA()
+  END
+  CheckScriptFailure(lines, 'E1012:')
+enddef
+
 def Test_sort_return_type()
   let res: list<number>
   res = [1, 2, 3]->sort()
--- a/src/version.c
+++ b/src/version.c
@@ -751,6 +751,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1749,
+/**/
     1748,
 /**/
     1747,
--- a/src/vim9execute.c
+++ b/src/vim9execute.c
@@ -310,9 +310,12 @@ handle_closure_in_use(ectx_T *ectx, int 
     // Check if any created closure is still in use.
     for (idx = 0; idx < closure_count; ++idx)
     {
-	partial_T *pt = ((partial_T **)gap->ga_data)[gap->ga_len
-							- closure_count + idx];
-
+	partial_T   *pt;
+	int	    off = gap->ga_len - closure_count + idx;
+
+	if (off < 0)
+	    continue;  // count is off or already done
+	pt = ((partial_T **)gap->ga_data)[off];
 	if (pt->pt_refcount > 1)
 	{
 	    int refcount = pt->pt_refcount;
@@ -2734,14 +2737,14 @@ done:
     ret = OK;
 
 failed:
-    // Also deal with closures when failed, they may already be in use
-    // somewhere.
-    handle_closure_in_use(&ectx, FALSE);
-
     // When failed need to unwind the call stack.
     while (ectx.ec_frame_idx != initial_frame_idx)
 	func_return(&ectx);
 
+    // Deal with any remaining closures, they may be in use somewhere.
+    if (ectx.ec_funcrefs.ga_len > 0)
+	handle_closure_in_use(&ectx, FALSE);
+
     estack_pop();
     current_sctx = save_current_sctx;