Patch 8.2.0513

[Bram Moolenaar]

Patch 8.2.0513
Problem: Reading past allocate memory when using varargs.
Solution: Fix copying function argument types.
Files: src/vim9compile.c


*** ../vim-8.2.0512/src/vim9compile.c 2020-04-05 17:07:59.414556253 +0200
--- src/vim9compile.c 2020-04-05 18:16:28.597491907 +0200
***************
*** 353,359 ****
}

/*
! * For a function type, reserve space for "argcount" argument types.
*/
static int
func_type_add_arg_types(
--- 353,360 ----
}

/*
! * For a function type, reserve space for "argcount" argument types (including
! * vararg).
*/
static int
func_type_add_arg_types(
***************
*** 5823,5838 ****
}

{
! int argcount = ufunc->uf_args.ga_len
! + (ufunc->uf_va_name == NULL ? 0 : 1);

// Create a type for the function, with the return type and any
// argument types.
! ufunc->uf_func_type = get_func_type(ufunc->uf_ret_type, argcount,
! &ufunc->uf_type_list);
! if (argcount > 0)
{
! if (func_type_add_arg_types(ufunc->uf_func_type, argcount,
argcount - ufunc->uf_def_args.ga_len,
&ufunc->uf_type_list) == FAIL)
{
--- 5824,5842 ----
}

{
! int varargs = ufunc->uf_va_name != NULL;
! int argcount = ufunc->uf_args.ga_len - (varargs ? 1 : 0);

// Create a type for the function, with the return type and any
// argument types.
! // A vararg is included in uf_args.ga_len but not in uf_arg_types.
! // The type is included in "tt_args".
! ufunc->uf_func_type = get_func_type(ufunc->uf_ret_type,
! ufunc->uf_args.ga_len, &ufunc->uf_type_list);
! if (ufunc->uf_args.ga_len > 0)
{
! if (func_type_add_arg_types(ufunc->uf_func_type,
! ufunc->uf_args.ga_len,
argcount - ufunc->uf_def_args.ga_len,
&ufunc->uf_type_list) == FAIL)
{
***************
*** 5850,5855 ****
--- 5854,5862 ----
else
mch_memmove(ufunc->uf_func_type->tt_args,
ufunc->uf_arg_types, sizeof(type_T *) * argcount);
+ if (varargs)
+ ufunc->uf_func_type->tt_args[argcount] =
+ ufunc->uf_va_type == NULL ? &t_any : ufunc->uf_va_type;
}
}

*** ../vim-8.2.0512/src/version.c 2020-04-05 17:07:59.418556237 +0200
--- src/version.c 2020-04-05 18:20:27.448626474 +0200
***************
*** 740,741 ****
--- 740,743 ----
{ /* Add new patch number below this line */
+ /**/
+ 513,
/**/

--
Every person is responsible for the choices he makes.

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///