Commit: patch 9.1.0992: Vim9: double-free after v9.1.0988
3 views
Skip to first unread message
Christian Brabandt
Jan 6, 2025, 12:45:14 PMJan 6
to vim...@googlegroups.com
patch 9.1.0992: Vim9: double-free after v9.1.0988
Commit: https://github.com/vim/vim/commit/2050dcc20f99b3440199f4fbe60581e2ad8dac97
Author: Yegappan Lakshmanan <yega...@yahoo.com>
Date: Mon Jan 6 18:34:49 2025 +0100
patch 9.1.0992: Vim9: double-free after v9.1.0988
Problem: Vim9: double-free after v9.1.0988
(h-east)
Solution: clear typval pointer, before setting the type
(Yegappan Lakshmanan)
Otherwise the contents are still referring to some other value.
fixes: #16386
closes: #16388
Signed-off-by: Yegappan Lakshmanan <yega...@yahoo.com>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/testdir/test_vim9_class.vim b/src/testdir/test_vim9_class.vim
index c7a0fbefa..0c11c078e 100644
--- a/src/testdir/test_vim9_class.vim
+++ b/src/testdir/test_vim9_class.vim
@@ -11839,4 +11839,31 @@ def Test_uninitialized_object_var()
v9.CheckSourceFailure(lines, "E1430: Uninitialized object variable 'x' referenced")
enddef
+" Test for initializing member variables of compound type in the constructor
+def Test_constructor_init_compound_member_var()
+ var lines =<< trim END
+ vim9script
+
+ class Foo
+ var v1: string = "aaa"
+ var v2: list<number> = [1, 2]
+ var v3: dict<string> = {a: 'a', b: 'b'}
+ endclass
+
+ class Bar
+ var v4: string = "bbb"
+ var v5: Foo = Foo.new()
+ var v6: list<number> = [1, 2]
+ endclass
+
+ var b: Bar = Bar.new()
+ assert_equal("aaa", b.v5.v1)
+ assert_equal([1, 2], b.v5.v2)
+ assert_equal({a: 'a', b: 'b'}, b.v5.v3)
+ assert_equal("bbb", b.v4)
+ assert_equal([1, 2], b.v6)
+ END
+ v9.CheckSourceSuccess(lines)
+enddef
+
" vim: ts=8 sw=2 sts=2 expandtab tw=80 fdm=marker
diff --git a/src/version.c b/src/version.c
index dc04ffc09..e8feb96f4 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 992,
/**/
991,
/**/
diff --git a/src/vim9execute.c b/src/vim9execute.c
index dde95b511..d6962804b 100644
--- a/src/vim9execute.c
+++ b/src/vim9execute.c
@@ -4855,6 +4855,7 @@ exec_instructions(ectx_T *ectx)
+ iptr->isn_arg.jumparg.jump_arg_off
+ STACK_FRAME_SIZE;
type_T *t = ufunc->uf_arg_types[argidx];
+ CLEAR_POINTER(tv);
tv->v_type = t->tt_type;
}
Commit: https://github.com/vim/vim/commit/2050dcc20f99b3440199f4fbe60581e2ad8dac97
Author: Yegappan Lakshmanan <yega...@yahoo.com>
Date: Mon Jan 6 18:34:49 2025 +0100
patch 9.1.0992: Vim9: double-free after v9.1.0988
Problem: Vim9: double-free after v9.1.0988
(h-east)
Solution: clear typval pointer, before setting the type
(Yegappan Lakshmanan)
Otherwise the contents are still referring to some other value.
fixes: #16386
closes: #16388
Signed-off-by: Yegappan Lakshmanan <yega...@yahoo.com>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/testdir/test_vim9_class.vim b/src/testdir/test_vim9_class.vim
index c7a0fbefa..0c11c078e 100644
--- a/src/testdir/test_vim9_class.vim
+++ b/src/testdir/test_vim9_class.vim
@@ -11839,4 +11839,31 @@ def Test_uninitialized_object_var()
v9.CheckSourceFailure(lines, "E1430: Uninitialized object variable 'x' referenced")
enddef
+" Test for initializing member variables of compound type in the constructor
+def Test_constructor_init_compound_member_var()
+ var lines =<< trim END
+ vim9script
+
+ class Foo
+ var v1: string = "aaa"
+ var v2: list<number> = [1, 2]
+ var v3: dict<string> = {a: 'a', b: 'b'}
+ endclass
+
+ class Bar
+ var v4: string = "bbb"
+ var v5: Foo = Foo.new()
+ var v6: list<number> = [1, 2]
+ endclass
+
+ var b: Bar = Bar.new()
+ assert_equal("aaa", b.v5.v1)
+ assert_equal([1, 2], b.v5.v2)
+ assert_equal({a: 'a', b: 'b'}, b.v5.v3)
+ assert_equal("bbb", b.v4)
+ assert_equal([1, 2], b.v6)
+ END
+ v9.CheckSourceSuccess(lines)
+enddef
+
" vim: ts=8 sw=2 sts=2 expandtab tw=80 fdm=marker
diff --git a/src/version.c b/src/version.c
index dc04ffc09..e8feb96f4 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 992,
/**/
991,
/**/
diff --git a/src/vim9execute.c b/src/vim9execute.c
index dde95b511..d6962804b 100644
--- a/src/vim9execute.c
+++ b/src/vim9execute.c
@@ -4855,6 +4855,7 @@ exec_instructions(ectx_T *ectx)
+ iptr->isn_arg.jumparg.jump_arg_off
+ STACK_FRAME_SIZE;
type_T *t = ufunc->uf_arg_types[argidx];
+ CLEAR_POINTER(tv);
tv->v_type = t->tt_type;
}
Reply all
Reply to author
Forward
0 new messages