To: vim_dev@googlegroups.com Subject: Patch 9.0.0221 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.0221 Problem: Accessing freed memory if compiling nested function fails. Solution: Mess up the variable name so that it won't be found. Files: src/vim9compile.c, src/testdir/test_vim9_func.vim *** ../vim-9.0.0220/src/vim9compile.c 2022-08-08 21:43:06.990412767 +0100 --- src/vim9compile.c 2022-08-16 19:32:47.387819424 +0100 *************** *** 830,835 **** --- 830,836 ---- int r = FAIL; compiletype_T compile_type; isn_T *funcref_isn = NULL; + lvar_T *lvar = NULL; if (eap->forceit) { *************** *** 936,944 **** else { // Define a local variable for the function reference. ! lvar_T *lvar = reserve_local(cctx, func_name, name_end - name_start, TRUE, ufunc->uf_func_type); - if (lvar == NULL) goto theend; if (generate_FUNCREF(cctx, ufunc, &funcref_isn) == FAIL) --- 937,944 ---- else { // Define a local variable for the function reference. ! lvar = reserve_local(cctx, func_name, name_end - name_start, TRUE, ufunc->uf_func_type); if (lvar == NULL) goto theend; if (generate_FUNCREF(cctx, ufunc, &funcref_isn) == FAIL) *************** *** 957,962 **** --- 957,965 ---- && compile_def_function(ufunc, TRUE, compile_type, cctx) == FAIL) { func_ptr_unref(ufunc); + if (lvar != NULL) + // Now the local variable can't be used. + *lvar->lv_name = '/'; // impossible value goto theend; } *** ../vim-9.0.0220/src/testdir/test_vim9_func.vim 2022-08-16 16:09:53.599527502 +0100 --- src/testdir/test_vim9_func.vim 2022-08-16 19:29:44.684268117 +0100 *************** *** 911,916 **** --- 911,928 ---- v9.CheckScriptFailure(lines, 'E1173: Text found after enddef: burp', 3) enddef + def Test_nested_function_fails() + var lines =<< trim END + def T() + def Func(g: string):string + enddef + Func() + enddef + silent! defcompile + END + v9.CheckScriptFailure(lines, 'E1069:') + enddef + def Test_not_nested_function() echo printf('%d', function('len')('xxx')) *** ../vim-9.0.0220/src/version.c 2022-08-16 17:50:33.959764427 +0100 --- src/version.c 2022-08-16 19:26:46.412733840 +0100 *************** *** 737,738 **** --- 737,740 ---- { /* Add new patch number below this line */ + /**/ + 221, /**/ -- WOMAN: I didn't know we had a king. I thought we were an autonomous collective. DENNIS: You're fooling yourself. We're living in a dictatorship. A self-perpetuating autocracy in which the working classes-- WOMAN: Oh there you go, bringing class into it again. DENNIS: That's what it's all about if only people would-- The Quest for the Holy Grail (Monty Python) /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///