Simple reproducible sample:

test.vim

```vim
try
  throw 'excp'
catch
  " the catch body is intentionally empty
endtry

" timer callback: emsg() runs here, after the try-catch-endtry above
fu! TimerFunc(...)
  echoerr 'oops'
endfu

call timer_start(1, 'TimerFunc')
```

vim -Nu test.vim

cause:

After the try-catch-endtry above finishes, "current_exception" holds a
dangling pointer (already freed).
Therefore, after emsg() is called in the timer callback, "current_exception" is
double-freed.
(at discard_current_exception() in check_due_timer(), ex_cmds2.c:L1239)

details:

* ex_throw() -> throw_exception() sets current_exception (ex_eval.c:L575)
* ex_catch() sets did_throw to FALSE
* ex_endtry() -> cleanup_conditionals() -> finish_exception() -> discard_exception() frees cstack->cs_exception[idx] (== current_exception)
* but since did_throw is already FALSE, discard_current_exception() is not called from anywhere (except check_due_timer()).
* thus current_exception is not cleaned up and keeps the freed pointer.
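A stand-alone C model of the ownership problem described above, added here as an illustration and not taken from Vim's source: the catch-stack slot and the global current_exception alias the same allocation, and two cleanup paths can each release it. The free is simulated with a tracking flag so the second free is counted rather than executed. Function names mirror the report; the `fix` parameter and `after_command()` are assumptions for the model, not Vim's actual patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the report's ownership bug; not Vim's code. */
typedef struct {
    char *value;
    int   freed;   /* tracking flag: a second free is detected, not executed */
} exception_T;

#define CSTACK_LEN 4

typedef struct {
    exception_T *cs_exception[CSTACK_LEN];
    int          idx;
} cstack_T;

static exception_T *current_exception;  /* global alias, as in the report */
static int          did_throw;
static int          double_free_count;  /* frees of an already-freed object */

static exception_T *new_exception(const char *msg)
{
    exception_T *e = calloc(1, sizeof *e);
    size_t n = strlen(msg) + 1;
    if (e == NULL || (e->value = malloc(n)) == NULL)
        abort();
    memcpy(e->value, msg, n);
    return e;
}

/* Simulated vim_free(): marks the object freed; a repeat call is only counted. */
static void free_exception(exception_T *e)
{
    if (e == NULL)
        return;
    if (e->freed) {
        double_free_count++;
        return;
    }
    e->freed = 1;   /* the real thing would release e->value and e here */
}

/* :throw -> throw_exception(): allocate and point current_exception at it. */
static exception_T *ex_throw(cstack_T *cs, const char *msg)
{
    exception_T *e = new_exception(msg);
    current_exception = e;
    did_throw = 1;
    cs->cs_exception[cs->idx] = e;   /* the try frame now refers to it as well */
    return e;
}

/* :catch clears did_throw, so the did_throw-guarded cleanup never runs later. */
static void ex_catch(void) { did_throw = 0; }

/* :endtry -> cleanup_conditionals() -> finish_exception() -> discard_exception():
 * frees the frame's exception.  With fix == 0 the global alias keeps dangling. */
static void ex_endtry(cstack_T *cs, int fix)
{
    exception_T *e = cs->cs_exception[cs->idx];
    cs->cs_exception[cs->idx] = NULL;
    if (fix && current_exception == e)
        current_exception = NULL;   /* hypothetical repair: drop the alias first */
    free_exception(e);
}

/* Second owner: timer callback -> emsg() -> check_due_timer() -> here. */
static void discard_current_exception(void)
{
    if (current_exception != NULL) {
        free_exception(current_exception);
        current_exception = NULL;
    }
}

/* Assumed normal cleanup: guarded by did_throw, which ex_catch() already cleared. */
static void after_command(void)
{
    if (did_throw)
        discard_current_exception();
}

static exception_T *run_try_block(cstack_T *cs, int fix)
{
    memset(cs, 0, sizeof *cs);
    current_exception = NULL;
    did_throw = 0;
    double_free_count = 0;
    exception_T *e = ex_throw(cs, "excp");
    ex_catch();
    ex_endtry(cs, fix);
    after_command();
    return e;
}

static void release_for_real(exception_T *e) { free(e->value); free(e); }

/* 1 if current_exception still points at freed memory after try/catch/endtry. */
int dangles_after_endtry(int fix)
{
    cstack_T cs;
    exception_T *e = run_try_block(&cs, fix);
    int dangling = (current_exception != NULL && current_exception->freed);
    release_for_real(e);
    return dangling;
}

/* Number of double frees once the timer path's cleanup runs as well. */
int double_frees_in_scenario(int fix)
{
    cstack_T cs;
    exception_T *e = run_try_block(&cs, fix);
    discard_current_exception();   /* timer path: the second free in the buggy model */
    release_for_real(e);
    return double_free_count;
}

int main(void)
{
    printf("buggy: dangling=%d double frees=%d\n",
           dangles_after_endtry(0), double_frees_in_scenario(0));
    printf("fixed: dangling=%d double frees=%d\n",
           dangles_after_endtry(1), double_frees_in_scenario(1));
    return 0;
}
```

The model reproduces the sequence in the bullet list: after `ex_endtry()` the global still points at the released object because the only path that would reset it is guarded by `did_throw`, and the next caller of `discard_current_exception()` frees it a second time. Clearing the alias at the point where the owning frame releases the object removes both the dangling pointer and the double free.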


Ozaki Kiichi

-- 
You received this message from the "vim_dev" maillist.