Patch 9.0.1142


Bram Moolenaar

Jan 4, 2023, 8:16:55 AM1/4/23
to vim...@googlegroups.com

Patch 9.0.1142
Problem: Crash and/or memory leak when redefining function after error.
Solution: Clear pointer after making a copy. Clear arrays on failure.
(closes #11774)
Files: src/userfunc.c


*** ../vim-9.0.1141/src/userfunc.c 2023-01-02 18:10:00.019271226 +0000
--- src/userfunc.c 2023-01-04 13:13:06.520139092 +0000
***************
*** 525,533 ****

// Move the last argument "...name: type" to uf_va_name and
// uf_va_type.
- fp->uf_va_name = ((char_u **)fp->uf_args.ga_data)
- [fp->uf_args.ga_len - 1];
--fp->uf_args.ga_len;
p = ((char_u **)argtypes->ga_data)[len];
if (p == NULL)
// TODO: get type from default value
--- 525,533 ----

// Move the last argument "...name: type" to uf_va_name and
// uf_va_type.
--fp->uf_args.ga_len;
+ fp->uf_va_name = ((char_u **)fp->uf_args.ga_data)[fp->uf_args.ga_len];
+ ((char_u **)fp->uf_args.ga_data)[fp->uf_args.ga_len] = NULL;
p = ((char_u **)argtypes->ga_data)[len];
if (p == NULL)
// TODO: get type from default value
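Review bot: The two lines added after `--fp->uf_args.ga_len;` hand ownership of the last argument string to `fp->uf_va_name`, but the comment above them still only describes the move, so the NULL store looks redundant to a later reader. Judging by the comment added in the error-path hunk, `newargs` presumably shares this `ga_data` and still counts the slot, which would make the store the thing that prevents a second free of the same string. I would say so in place, for example `// uf_va_name owns the string now; NULL the slot so clearing "newargs" on failure does not free it again`. The index also depends on `ga_len` being at least 1 before the decrement; that guard is outside this hunk and should be confirmed there.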
***************
*** 4787,4793 ****
// invalid.
++p;
if (get_function_args(&p, ')', &newargs,
! eap->cmdidx == CMD_def ? &argtypes : NULL, FALSE,
NULL, &varargs, &default_args, eap->skip,
eap, in_class, &newlines, lines_to_free) == FAIL)
goto errret_2;
--- 4787,4793 ----
// invalid.
++p;
if (get_function_args(&p, ')', &newargs,
! eap->cmdidx == CMD_def ? &argtypes : NULL, FALSE,
NULL, &varargs, &default_args, eap->skip,
eap, in_class, &newlines, lines_to_free) == FAIL)
goto errret_2;
***************
*** 5209,5225 ****
goto ret_free;

erret:
- ga_clear_strings(&newargs);
- ga_clear_strings(&default_args);
if (fp != NULL)
{
ga_init(&fp->uf_args);
ga_init(&fp->uf_def_args);
}
errret_2:
ga_clear_strings(&newlines);
if (fp != NULL)
VIM_CLEAR(fp->uf_arg_types);
if (free_fp)
{
vim_free(fp);
--- 5209,5231 ----
goto ret_free;

erret:
if (fp != NULL)
{
+ // these were set to "newargs" and "default_args", which are cleared
+ // below
ga_init(&fp->uf_args);
ga_init(&fp->uf_def_args);
}
errret_2:
+ ga_clear_strings(&newargs);
+ ga_clear_strings(&default_args);
ga_clear_strings(&newlines);
if (fp != NULL)
+ {
VIM_CLEAR(fp->uf_arg_types);
+ VIM_CLEAR(fp->uf_va_name);
+ clear_type_list(&fp->uf_type_list);
+ }
if (free_fp)
{
vim_free(fp);
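Review bot: The `errret_2:` label now frees `newargs` and `default_args`, yet only the fall-through from `erret:` resets `fp->uf_args` and `fp->uf_def_args` first, and the label is also a direct jump target (the `goto errret_2` after `get_function_args()` in the previous hunk). That direct jump appears to happen before `fp` is filled in, but the rest of the function is outside the hunk, so the safety of any other direct jump cannot be checked here. If one were taken after the arrays had been copied into `fp`, a kept `fp` would be left pointing at freed storage. A comment on the label would pin the invariant: `// only jump here directly while fp->uf_args/uf_def_args do not yet alias "newargs"/"default_args"; otherwise go through "erret"`.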
*** ../vim-9.0.1141/src/version.c 2023-01-04 11:15:07.493007440 +0000
--- src/version.c 2023-01-04 13:15:27.035968058 +0000
***************
*** 697,698 ****
--- 697,700 ----
{ /* Add new patch number below this line */
+ /**/
+ 1142,
/**/

--
SUPERIMPOSE "England AD 787". After a few more seconds we hear hoofbeats in
the distance. They come slowly closer. Then out of the mist comes KING
ARTHUR followed by a SERVANT who is banging two half coconuts together.
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///