Commit: patch 9.2.0778: Memory Leak in compile_dict() on alloc failure

0 views
Skip to first unread message

Christian Brabandt

unread,
Jul 2, 2026, 4:15:27 PM (8 hours ago) Jul 2
to vim...@googlegroups.com
patch 9.2.0778: Memory Leak in compile_dict() on alloc failure

Commit: https://github.com/vim/vim/commit/8bd30e8cb8507ed51f8a15470d601ebb284fe13b
Author: Christian Brabandt <c...@256bit.org>
Date: Thu Jul 2 19:58:13 2026 +0000

patch 9.2.0778: Memory Leak in compile_dict() on alloc failure

Problem: Memory Leak in compile_dict() on allocation failure (Ao Xijie)
Solution: Use goto failret consistently

related: #20668

Supported by AI.

Signed-off-by: Christian Brabandt <c...@256bit.org>

diff --git a/src/version.c b/src/version.c
index 70c83e88a..05249bea7 100644
--- a/src/version.c
+++ b/src/version.c
@@ -759,6 +759,8 @@ static char *(features[]) =

static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 778,
/**/
777,
/**/
diff --git a/src/vim9expr.c b/src/vim9expr.c
index a041a3e70..4331d3f5b 100644
--- a/src/vim9expr.c
+++ b/src/vim9expr.c
@@ -1930,7 +1930,7 @@ compile_dict(char_u **arg, cctx_T *cctx, ppconst_T *ppconst)
// {[expr]: value} uses an evaluated key.
*arg = skipwhite(*arg + 1);
if (compile_expr0(arg, cctx) == FAIL)
- return FAIL;
+ goto failret;
isn = ((isn_T *)instr->ga_data) + instr->ga_len - 1;
if (isn->isn_type == ISN_PUSHNR)
{
@@ -1944,12 +1944,12 @@ compile_dict(char_u **arg, cctx_T *cctx, ppconst_T *ppconst)
if (isn->isn_type == ISN_PUSHS)
key = isn->isn_arg.string;
else if (may_generate_2STRING(-1, TOSTRING_NONE, cctx) == FAIL)
- return FAIL;
+ goto failret;
*arg = skipwhite(*arg);
if (**arg != ']')
{
emsg(_(e_missing_matching_bracket_after_dict_key));
- return FAIL;
+ goto failret;
}
++*arg;
}
@@ -1960,9 +1960,9 @@ compile_dict(char_u **arg, cctx_T *cctx, ppconst_T *ppconst)
// {name: value} use "name" as a literal key
key = get_literal_key(arg);
if (key == NULL)
- return FAIL;
+ goto failret;
if (generate_PUSHS(cctx, &key) == FAIL)
- return FAIL;
+ goto failret;
}

// Check for duplicate keys, if using string keys.
@@ -1990,13 +1990,13 @@ compile_dict(char_u **arg, cctx_T *cctx, ppconst_T *ppconst)
semsg(_(e_no_white_space_allowed_before_str_str), ":", *arg);
else
semsg(_(e_missing_colon_in_dictionary_str), *arg);
- return FAIL;
+ goto failret;
}
whitep = *arg + 1;
if (!IS_WHITE_OR_NUL(*whitep))
{
semsg(_(e_white_space_required_after_str_str), ":", *arg);
- return FAIL;
+ goto failret;
}

if (may_get_next_line(whitep, arg, cctx) == FAIL)
@@ -2006,7 +2006,7 @@ compile_dict(char_u **arg, cctx_T *cctx, ppconst_T *ppconst)
}

if (compile_expr0_ext(arg, cctx, &is_const) == FAIL)
- return FAIL;
+ goto failret;
if (!is_const)
is_all_const = FALSE;
++count;
@@ -2027,13 +2027,13 @@ compile_dict(char_u **arg, cctx_T *cctx, ppconst_T *ppconst)
if (IS_WHITE_OR_NUL(*whitep))
{
semsg(_(e_no_white_space_allowed_before_str_str), ",", whitep);
- return FAIL;
+ goto failret;
}
whitep = *arg + 1;
if (!IS_WHITE_OR_NUL(*whitep))
{
semsg(_(e_white_space_required_after_str_str), ",", *arg);
- return FAIL;
+ goto failret;
}
*arg = skipwhite(whitep);
}
Reply all
Reply to author
Forward
0 new messages