Commit: patch 9.1.0688: Vim9: dereferences NULL pointer in check_type_is_value()
4 views
Skip to first unread message
Christian Brabandt
Aug 22, 2024, 3:30:13 PM8/22/24
to vim...@googlegroups.com
patch 9.1.0688: Vim9: dereferences NULL pointer in check_type_is_value()
Commit: https://github.com/vim/vim/commit/25618fc9eacc6a210507d7749b237ec3a695be85
Author: Christian Brabandt <c...@256bit.org>
Date: Thu Aug 22 21:25:18 2024 +0200
patch 9.1.0688: Vim9: dereferences NULL pointer in check_type_is_value()
Problem: Vim9: dereferences NULL pointer in check_type_is_value()
(Suyue Guo)
Solution: Verify that the pointer is not Null
fixes: #15540
closes: #15545
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/testdir/test_vim9_cmd.vim b/src/testdir/test_vim9_cmd.vim
index a9e10e797..51ae7e685 100644
--- a/src/testdir/test_vim9_cmd.vim
+++ b/src/testdir/test_vim9_cmd.vim
@@ -2036,6 +2036,14 @@ def Test_no_space_after_command()
v9.CheckDefExecAndScriptFailure(lines, 'E486:', 1)
enddef
+def Test_lambda_crash()
+ # This used to crash Vim
+ var lines =<< trim END
+ vim9 () => super => {
+ END
+ v9.CheckScriptFailureList(lines, ["E1356:", "E1405:"])
+enddef
+
" Test for the 'previewpopup' option
def Test_previewpopup()
set previewpopup=height:10,width:60
@@ -2044,6 +2052,7 @@ def Test_previewpopup()
assert_notequal(id, 0)
assert_match('Xppfile', popup_getoptions(id).title)
popup_clear()
+ bw Xppfile
set previewpopup&
enddef
diff --git a/src/version.c b/src/version.c
index 72cce6580..e77ef0f4c 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 688,
/**/
687,
/**/
diff --git a/src/vim9type.c b/src/vim9type.c
index a1571218f..1f044d3d4 100644
--- a/src/vim9type.c
+++ b/src/vim9type.c
@@ -2138,12 +2138,13 @@ check_type_is_value(type_T *type)
switch (type->tt_type)
{
case VAR_CLASS:
- if (IS_ENUM(type->tt_class))
+ if (type->tt_class != NULL && IS_ENUM(type->tt_class))
semsg(_(e_using_enum_as_value_str),
type->tt_class->class_name);
else
semsg(_(e_using_class_as_value_str),
- type->tt_class->class_name);
+ type->tt_class == NULL ? (char_u *)""
+ : type->tt_class->class_name);
return FAIL;
case VAR_TYPEALIAS:
Commit: https://github.com/vim/vim/commit/25618fc9eacc6a210507d7749b237ec3a695be85
Author: Christian Brabandt <c...@256bit.org>
Date: Thu Aug 22 21:25:18 2024 +0200
patch 9.1.0688: Vim9: dereferences NULL pointer in check_type_is_value()
Problem: Vim9: dereferences NULL pointer in check_type_is_value()
(Suyue Guo)
Solution: Verify that the pointer is not Null
fixes: #15540
closes: #15545
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/testdir/test_vim9_cmd.vim b/src/testdir/test_vim9_cmd.vim
index a9e10e797..51ae7e685 100644
--- a/src/testdir/test_vim9_cmd.vim
+++ b/src/testdir/test_vim9_cmd.vim
@@ -2036,6 +2036,14 @@ def Test_no_space_after_command()
v9.CheckDefExecAndScriptFailure(lines, 'E486:', 1)
enddef
+def Test_lambda_crash()
+ # This used to crash Vim
+ var lines =<< trim END
+ vim9 () => super => {
+ END
+ v9.CheckScriptFailureList(lines, ["E1356:", "E1405:"])
+enddef
+
" Test for the 'previewpopup' option
def Test_previewpopup()
set previewpopup=height:10,width:60
@@ -2044,6 +2052,7 @@ def Test_previewpopup()
assert_notequal(id, 0)
assert_match('Xppfile', popup_getoptions(id).title)
popup_clear()
+ bw Xppfile
set previewpopup&
enddef
diff --git a/src/version.c b/src/version.c
index 72cce6580..e77ef0f4c 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 688,
/**/
687,
/**/
diff --git a/src/vim9type.c b/src/vim9type.c
index a1571218f..1f044d3d4 100644
--- a/src/vim9type.c
+++ b/src/vim9type.c
@@ -2138,12 +2138,13 @@ check_type_is_value(type_T *type)
switch (type->tt_type)
{
case VAR_CLASS:
- if (IS_ENUM(type->tt_class))
+ if (type->tt_class != NULL && IS_ENUM(type->tt_class))
semsg(_(e_using_enum_as_value_str),
type->tt_class->class_name);
else
semsg(_(e_using_class_as_value_str),
- type->tt_class->class_name);
+ type->tt_class == NULL ? (char_u *)""
+ : type->tt_class->class_name);
return FAIL;
case VAR_TYPEALIAS:
Reply all
Reply to author
Forward
0 new messages