Patch 8.2.4587


Bram Moolenaar

Mar 18, 2022, 9:12:42 AM3/18/22
to vim...@googlegroups.com

Patch 8.2.4587
Problem: Vim9: double free after unpacking a list.
Solution: Make a copy of the value instead of moving it. (closes #9968)
Files: src/vim9execute.c, src/testdir/test_vim9_script.vim


*** ../vim-8.2.4586/src/vim9execute.c 2022-03-15 19:29:26.546954678 +0000
--- src/vim9execute.c 2022-03-18 13:01:01.848433149 +0000
***************
*** 4773,4779 ****
li = li->li_next;
for (i = 0; li != NULL; ++i)
{
! list_set_item(rem_list, i, &li->li_tv);
li = li->li_next;
}
--count;
--- 4773,4782 ----
li = li->li_next;
for (i = 0; li != NULL; ++i)
{
! typval_T tvcopy;
!
! copy_tv(&li->li_tv, &tvcopy);
! list_set_item(rem_list, i, &tvcopy);
li = li->li_next;
}
--count;
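Review bot: The new `copy_tv()` call in the loop carries no comment explaining why a copy is required, and the reason is an ownership rule that a later cleanup could easily undo. Going by the patch description, `list_set_item()` stores the typval as given without taking a reference of its own, so passing `&li->li_tv` left the source list and `rem_list` both owning the same value, which is then freed once per list. I would add above the call: `// list_set_item() takes over the value, copy it so that both lists own one`. The loop's enclosing block starts and ends outside this hunk, so how `rem_list` is allocated and released cannot be checked from here.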
*** ../vim-8.2.4586/src/testdir/test_vim9_script.vim 2022-03-16 20:25:59.832818058 +0000
--- src/testdir/test_vim9_script.vim 2022-03-18 13:08:11.127719590 +0000
***************
*** 2253,2258 ****
--- 2253,2265 ----
res->add(n)
endfor
assert_equal([2, 5], res)
+
+ var text: list<string> = ["hello there", "goodbye now"]
+ var splitted = ''
+ for [first; next] in mapnew(text, (i, v) => split(v))
+ splitted ..= string(first) .. string(next) .. '/'
+ endfor
+ assert_equal("'hello'['there']/'goodbye'['now']/", splitted)
END
v9.CheckDefAndScriptSuccess(lines)
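Review bot: The added regression case only unpacks string items into the remainder list, so the copy path for reference-counted values is not exercised. If the same move-instead-of-copy mistake were reintroduced, list or dict items would presumably fail as a reference-count underflow and use-after-free rather than a double free of a string, and this test might not catch it. A second loop along the lines of `for [first; next] in [[1, [2], {a: 3}]]` with an `assert_equal()` on `next` would cover that, ideally run under a memory checker such as valgrind or ASan. The enclosing test function begins outside the hunk.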

*** ../vim-8.2.4586/src/version.c 2022-03-17 16:30:00.174908142 +0000
--- src/version.c 2022-03-18 13:02:03.152337466 +0000
***************
*** 752,753 ****
--- 752,755 ----
{ /* Add new patch number below this line */
+ /**/
+ 4587,
/**/

--
From "know your smileys":
(\___/)
(+'.'+) Bunny
(")_(")

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///