To: vim_dev@googlegroups.com Subject: Patch 9.0.1142 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.1142 Problem: Crash and/or memory leak when redefining function after error. Solution: Clear pointer after making a copy. Clear arrays on failure. (closes #11774) Files: src/userfunc.c *** ../vim-9.0.1141/src/userfunc.c 2023-01-02 18:10:00.019271226 +0000 --- src/userfunc.c 2023-01-04 13:13:06.520139092 +0000 *************** *** 525,533 **** // Move the last argument "...name: type" to uf_va_name and // uf_va_type. - fp->uf_va_name = ((char_u **)fp->uf_args.ga_data) - [fp->uf_args.ga_len - 1]; --fp->uf_args.ga_len; p = ((char_u **)argtypes->ga_data)[len]; if (p == NULL) // TODO: get type from default value --- 525,533 ---- // Move the last argument "...name: type" to uf_va_name and // uf_va_type. --fp->uf_args.ga_len; + fp->uf_va_name = ((char_u **)fp->uf_args.ga_data)[fp->uf_args.ga_len]; + ((char_u **)fp->uf_args.ga_data)[fp->uf_args.ga_len] = NULL; p = ((char_u **)argtypes->ga_data)[len]; if (p == NULL) // TODO: get type from default value *************** *** 4787,4793 **** // invalid. ++p; if (get_function_args(&p, ')', &newargs, ! eap->cmdidx == CMD_def ? &argtypes : NULL, FALSE, NULL, &varargs, &default_args, eap->skip, eap, in_class, &newlines, lines_to_free) == FAIL) goto errret_2; --- 4787,4793 ---- // invalid. ++p; if (get_function_args(&p, ')', &newargs, ! eap->cmdidx == CMD_def ? 
&argtypes : NULL, FALSE, NULL, &varargs, &default_args, eap->skip, eap, in_class, &newlines, lines_to_free) == FAIL) goto errret_2; *************** *** 5209,5225 **** goto ret_free; erret: - ga_clear_strings(&newargs); - ga_clear_strings(&default_args); if (fp != NULL) { ga_init(&fp->uf_args); ga_init(&fp->uf_def_args); } errret_2: ga_clear_strings(&newlines); if (fp != NULL) VIM_CLEAR(fp->uf_arg_types); if (free_fp) { vim_free(fp); --- 5209,5231 ---- goto ret_free; erret: if (fp != NULL) { + // these were set to "newargs" and "default_args", which are cleared + // below ga_init(&fp->uf_args); ga_init(&fp->uf_def_args); } errret_2: + ga_clear_strings(&newargs); + ga_clear_strings(&default_args); ga_clear_strings(&newlines); if (fp != NULL) + { VIM_CLEAR(fp->uf_arg_types); + VIM_CLEAR(fp->uf_va_name); + clear_type_list(&fp->uf_type_list); + } if (free_fp) { vim_free(fp); *** ../vim-9.0.1141/src/version.c 2023-01-04 11:15:07.493007440 +0000 --- src/version.c 2023-01-04 13:15:27.035968058 +0000 *************** *** 697,698 **** --- 697,700 ---- { /* Add new patch number below this line */ + /**/ + 1142, /**/ -- SUPERIMPOSE "England AD 787". After a few more seconds we hear hoofbeats in the distance. They come slowly closer. Then out of the mist comes KING ARTHUR followed by a SERVANT who is banging two half coconuts together. "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
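Review bot: The cleanup at `errret_2` in the third userfunc.c hunk is only safe if no path jumps to that label after `fp->uf_args` and `fp->uf_def_args` have been set to `newargs` and `default_args`. Such a jump would skip the `ga_init()` calls under `erret`, so `ga_clear_strings(&newargs)` would leave `fp` pointing at freed array data, which matters most when `free_fp` is not set and `fp` is presumably kept. The jumps are outside this hunk, so the invariant may already hold; a comment at the label would pin it down, e.g. `// only reached while fp->uf_args and fp->uf_def_args do not alias "newargs"/"default_args"`. The added `VIM_CLEAR(fp->uf_va_name)` likewise appears to depend on the first userfunc.c hunk setting the moved slot to NULL, presumably because `newargs` keeps its own length and still covers that slot. A comment at that assignment such as `// "newargs" still counts this slot; NULL it so the name is freed only once` would tie the two together. The function body starts and ends outside both hunks.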