Patch 9.0.0221
Problem: Accessing freed memory if compiling nested function fails.
Solution: Mess up the variable name so that it won't be found.
Files: src/vim9compile.c, src/testdir/test_vim9_func.vim
*** ../vim-9.0.0220/src/vim9compile.c 2022-08-08 21:43:06.990412767 +0100
--- src/vim9compile.c 2022-08-16 19:32:47.387819424 +0100
***************
*** 830,835 ****
--- 830,836 ----
int r = FAIL;
compiletype_T compile_type;
isn_T *funcref_isn = NULL;
+ lvar_T *lvar = NULL;
if (eap->forceit)
{
***************
*** 936,944 ****
else
{
// Define a local variable for the function reference.
! lvar_T *lvar = reserve_local(cctx, func_name, name_end - name_start,
TRUE, ufunc->uf_func_type);
-
if (lvar == NULL)
goto theend;
if (generate_FUNCREF(cctx, ufunc, &funcref_isn) == FAIL)
--- 937,944 ----
else
{
// Define a local variable for the function reference.
! lvar = reserve_local(cctx, func_name, name_end - name_start,
TRUE, ufunc->uf_func_type);
if (lvar == NULL)
goto theend;
if (generate_FUNCREF(cctx, ufunc, &funcref_isn) == FAIL)
***************
*** 957,962 ****
--- 957,965 ----
&& compile_def_function(ufunc, TRUE, compile_type, cctx) == FAIL)
{
func_ptr_unref(ufunc);
+ if (lvar != NULL)
+ // Now the local variable can't be used.
+ *lvar->lv_name = '/'; // impossible value
goto theend;
}
*** ../vim-9.0.0220/src/testdir/test_vim9_func.vim 2022-08-16
16:09:53.599527502 +0100
--- src/testdir/test_vim9_func.vim 2022-08-16 19:29:44.684268117 +0100
***************
*** 911,916 ****
--- 911,928 ----
v9.CheckScriptFailure(lines, 'E1173: Text found after enddef: burp', 3)
enddef
+ def Test_nested_function_fails()
+ var lines =<< trim END
+ def T()
+ def Func(g: string):string
+ enddef
+ Func()
+ enddef
+ silent! defcompile
+ END
+ v9.CheckScriptFailure(lines, 'E1069:')
+ enddef
+
def Test_not_nested_function()
echo printf('%d',
function('len')('xxx'))
*** ../vim-9.0.0220/src/version.c 2022-08-16 17:50:33.959764427 +0100
--- src/version.c 2022-08-16 19:26:46.412733840 +0100
***************
*** 737,738 ****
--- 737,740 ----
{ /* Add new patch number below this line */
+ /**/
+ 221,
/**/
--
WOMAN: I didn't know we had a king. I thought we were an autonomous
collective.
DENNIS: You're fooling yourself. We're living in a dictatorship. A
self-perpetuating autocracy in which the working classes--
WOMAN: Oh there you go, bringing class into it again.
DENNIS: That's what it's all about if only people would--
The Quest for the Holy Grail (Monty Python)
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/vim_dev/20220816183518.7F2811C0739%40moolenaar.net.
