Consider the following scenario, which can occur while the function `dict_copy()` is executing:
static dict_T *
dict_copy(orig, deep, copyID)
dict_T *orig;
int deep;
int copyID;
{
dict_T *copy;
dictitem_T *di;
int todo;
hashitem_T *hi;
if (orig == NULL)
return NULL;
copy = dict_alloc();
this allocation takes the last free memory in the system,
if (copy != NULL)
{
if (copyID != 0)
{
orig->dv_copyID = copyID;
orig->dv_copydict = copy;
}
todo = (int)orig->dv_hashtab.ht_used;
for (hi = orig->dv_hashtab.ht_array; todo > 0 && !got_int; ++hi)
{
if (!HASHITEM_EMPTY(hi))
{
--todo;
di = dictitem_alloc(hi->hi_key);
so that this allocation fails at first, which results in
`garbage_collect()` being called from `lalloc()` in `misc2.c`.
Since the `copy` dictionary is not yet referenced from anywhere, the
`garbage_collect()` call will free the dictionary, and
if (di == NULL)
break;
if (deep)
{
if (item_copy(&HI2DI(hi)->di_tv, &di->di_tv, deep,
copyID) == FAIL)
{
vim_free(di);
break;
}
}
else
copy_tv(&HI2DI(hi)->di_tv, &di->di_tv);
if (dict_add(copy, di) == FAIL)
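Vim will crash at this point, because `copy` now refers to the dictionary that `garbage_collect()` has already freed (a use-after-free).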
{
dictitem_free(di);
break;
}
}
}
++copy->dv_refcount;
if (todo > 0)
{
dict_unref(copy);
copy = NULL;
}
}
return copy;
}
Please correct me if I am wrong.