73 lines
2.3 KiB
Diff
73 lines
2.3 KiB
Diff
From 1889f499a4f248cd84e0e0bf6d0d820016774494 Mon Sep 17 00:00:00 2001
|
|
From: Bram Moolenaar <Bram@vim.org>
|
|
Date: Tue, 16 Aug 2022 19:34:44 +0100
|
|
Subject: [PATCH] patch 9.0.0221: accessing freed memory if compiling nested
|
|
function fails
|
|
|
|
Problem: Accessing freed memory if compiling nested function fails.
|
|
Solution: Mess up the variable name so that it won't be found.
|
|
---
|
|
src/testdir/test_vim9_func.vim | 12 ++++++++++++
|
|
src/vim9compile.c | 7 +++++--
|
|
2 files changed, 17 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/testdir/test_vim9_func.vim b/src/testdir/test_vim9_func.vim
|
|
index 33a6615..426fde4 100644
|
|
--- a/src/testdir/test_vim9_func.vim
|
|
+++ b/src/testdir/test_vim9_func.vim
|
|
@@ -907,6 +907,18 @@ def Test_nested_function()
|
|
v9.CheckScriptFailure(lines, 'E1173: Text found after enddef: burp', 3)
|
|
enddef
|
|
|
|
+def Test_nested_function_fails()
|
|
+ var lines =<< trim END
|
|
+ def T()
|
|
+ def Func(g: string):string
|
|
+ enddef
|
|
+ Func()
|
|
+ enddef
|
|
+ silent! defcompile
|
|
+ END
|
|
+ v9.CheckScriptFailure(lines, 'E1069:')
|
|
+enddef
|
|
+
|
|
def Test_not_nested_function()
|
|
echo printf('%d',
|
|
function('len')('xxx'))
|
|
diff --git a/src/vim9compile.c b/src/vim9compile.c
|
|
index b7f590e..fb39997 100644
|
|
--- a/src/vim9compile.c
|
|
+++ b/src/vim9compile.c
|
|
@@ -822,6 +822,7 @@ compile_nested_function(exarg_T *eap, cctx_T *cctx, garray_T *lines_to_free)
|
|
int r = FAIL;
|
|
compiletype_T compile_type;
|
|
isn_T *funcref_isn = NULL;
|
|
+ lvar_T *lvar = NULL;
|
|
|
|
if (eap->forceit)
|
|
{
|
|
@@ -928,9 +929,8 @@ compile_nested_function(exarg_T *eap, cctx_T *cctx, garray_T *lines_to_free)
|
|
else
|
|
{
|
|
// Define a local variable for the function reference.
|
|
- lvar_T *lvar = reserve_local(cctx, func_name, name_end - name_start,
|
|
+ lvar = reserve_local(cctx, func_name, name_end - name_start,
|
|
TRUE, ufunc->uf_func_type);
|
|
-
|
|
if (lvar == NULL)
|
|
goto theend;
|
|
if (generate_FUNCREF(cctx, ufunc, &funcref_isn) == FAIL)
|
|
@@ -949,6 +949,9 @@ compile_nested_function(exarg_T *eap, cctx_T *cctx, garray_T *lines_to_free)
|
|
&& compile_def_function(ufunc, TRUE, compile_type, cctx) == FAIL)
|
|
{
|
|
func_ptr_unref(ufunc);
|
|
+ if (lvar != NULL)
|
|
+ // Now the local variable can't be used.
|
|
+ *lvar->lv_name = '/'; // impossible value
|
|
goto theend;
|
|
}
|
|
|
|
--
|
|
2.36.1
|
|
|