To: vim_dev@googlegroups.com Subject: Patch 9.0.0554 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.0554 Problem: Using freed memory when command follows lambda. Solution: Don't free what is still in use. (closes #11201) Files: src/vim9expr.c, src/eval.c, src/testdir/test_vim9_func.vim *** ../vim-9.0.0553/src/vim9expr.c 2022-09-19 16:08:01.428998441 +0100 --- src/vim9expr.c 2022-09-23 11:45:51.617141153 +0100 *************** *** 522,531 **** { type = lvar.lv_type; idx = lvar.lv_idx; - outer_loop_depth = lvar.lv_loop_depth; - outer_loop_idx = lvar.lv_loop_idx; if (lvar.lv_from_outer != 0) gen_load_outer = lvar.lv_from_outer; else gen_load = TRUE; } --- 522,533 ---- { type = lvar.lv_type; idx = lvar.lv_idx; if (lvar.lv_from_outer != 0) + { gen_load_outer = lvar.lv_from_outer; + outer_loop_depth = lvar.lv_loop_depth; + outer_loop_idx = lvar.lv_loop_idx; + } else gen_load = TRUE; } *************** *** 1096,1101 **** --- 1098,1104 ---- *arg = ((char_u **)cctx->ctx_ufunc->uf_lines.ga_data)[cctx->ctx_lnum] + off; + evalarg.eval_using_cmdline = FALSE; } clear_evalarg(&evalarg, NULL); *** ../vim-9.0.0553/src/eval.c 2022-09-22 21:35:16.041424474 +0100 --- src/eval.c 2022-09-23 12:24:14.103560463 +0100 *************** *** 382,404 **** { if (evalarg != NULL) { ! if (evalarg->eval_tofree != NULL) { if (eap != NULL) { // We may need to keep the original command line, e.g. for ! // ":let" it has the variable names. But we may also need the ! // new one, "nextcmd" points into it. Keep both. vim_free(eap->cmdline_tofree); eap->cmdline_tofree = *eap->cmdlinep; ! *eap->cmdlinep = evalarg->eval_tofree; } else vim_free(evalarg->eval_tofree); evalarg->eval_tofree = NULL; } ! ga_clear_strings(&evalarg->eval_tofree_ga); VIM_CLEAR(evalarg->eval_tofree_lambda); } } --- 382,415 ---- { if (evalarg != NULL) { ! garray_T *etga = &evalarg->eval_tofree_ga; ! ! if (evalarg->eval_tofree != NULL || evalarg->eval_using_cmdline) { if (eap != NULL) { // We may need to keep the original command line, e.g. for ! // ":let" it has the variable names. But we may also need ! // the new one, "nextcmd" points into it. Keep both. vim_free(eap->cmdline_tofree); eap->cmdline_tofree = *eap->cmdlinep; ! ! if (evalarg->eval_using_cmdline && etga->ga_len > 0) ! { ! // "nextcmd" points into the last line in eval_tofree_ga, ! // need to keep it around. ! --etga->ga_len; ! *eap->cmdlinep = ((char_u **)etga->ga_data)[etga->ga_len]; ! } ! else ! *eap->cmdlinep = evalarg->eval_tofree; } else vim_free(evalarg->eval_tofree); evalarg->eval_tofree = NULL; } ! ga_clear_strings(etga); VIM_CLEAR(evalarg->eval_tofree_lambda); } } *** ../vim-9.0.0553/src/testdir/test_vim9_func.vim 2022-09-22 22:03:11.256114607 +0100 --- src/testdir/test_vim9_func.vim 2022-09-23 12:31:25.687752039 +0100 *************** *** 1515,1520 **** --- 1515,1534 ---- v9.CheckDefAndScriptFailure(lines, 'E488: Trailing characters: | echo') enddef + def Test_lambda_with_following_cmd() + var lines =<< trim END + set ts=2 + var Lambda = () => { + set ts=4 + } | set ts=3 + assert_equal(3, &ts) + Lambda() + assert_equal(4, &ts) + END + v9.CheckDefAndScriptSuccess(lines) + set ts=8 + enddef + def Test_pass_legacy_lambda_to_def_func() var lines =<< trim END vim9script *** ../vim-9.0.0553/src/version.c 2022-09-22 22:03:11.256114607 +0100 --- src/version.c 2022-09-23 12:27:27.523652112 +0100 *************** *** 701,702 **** --- 701,704 ---- { /* Add new patch number below this line */ + /**/ + 554, /**/ -- Amazing but true: If all the salmon caught in Canada in one year were laid end to end across the Sahara Desert, the smell would be absolutely awful. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///