To: vim_dev@googlegroups.com Subject: Patch 8.2.4587 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.4587 Problem: Vim9: double free after unpacking a list. Solution: Make a copy of the value instead of moving it. (closes #9968) Files: src/vim9execute.c, src/testdir/test_vim9_script.vim *** ../vim-8.2.4586/src/vim9execute.c 2022-03-15 19:29:26.546954678 +0000 --- src/vim9execute.c 2022-03-18 13:01:01.848433149 +0000 *************** *** 4773,4779 **** li = li->li_next; for (i = 0; li != NULL; ++i) { ! list_set_item(rem_list, i, &li->li_tv); li = li->li_next; } --count; --- 4773,4782 ---- li = li->li_next; for (i = 0; li != NULL; ++i) { ! typval_T tvcopy; ! ! copy_tv(&li->li_tv, &tvcopy); ! list_set_item(rem_list, i, &tvcopy); li = li->li_next; } --count; *** ../vim-8.2.4586/src/testdir/test_vim9_script.vim 2022-03-16 20:25:59.832818058 +0000 --- src/testdir/test_vim9_script.vim 2022-03-18 13:08:11.127719590 +0000 *************** *** 2253,2258 **** --- 2253,2265 ---- res->add(n) endfor assert_equal([2, 5], res) + + var text: list = ["hello there", "goodbye now"] + var splitted = '' + for [first; next] in mapnew(text, (i, v) => split(v)) + splitted ..= string(first) .. string(next) .. '/' + endfor + assert_equal("'hello'['there']/'goodbye'['now']/", splitted) END v9.CheckDefAndScriptSuccess(lines) *** ../vim-8.2.4586/src/version.c 2022-03-17 16:30:00.174908142 +0000 --- src/version.c 2022-03-18 13:02:03.152337466 +0000 *************** *** 752,753 **** --- 752,755 ---- { /* Add new patch number below this line */ + /**/ + 4587, /**/ -- From "know your smileys": (\___/) (+'.'+) Bunny (")_(") /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///