Permalink
Browse files

patch 8.0.0085

Problem:    Using freed memory with recursive function call. (Dominique Pelle)
Solution:   Make a copy of the function name.
  • Loading branch information...
1 parent 7618e00 commit 8a01f969c198eeb655ad2f96f2796a6f6f4a1924 @brammool brammool committed Nov 14, 2016
Showing with 36 additions and 17 deletions.
  1. +11 −4 src/eval.c
  2. +23 −13 src/testdir/test_nested_function.vim
  3. +2 −0 src/version.c
View
@@ -4339,10 +4339,17 @@ eval7(
* use its contents. */
s = deref_func_name(s, &len, &partial, !evaluate);
- /* Invoke the function. */
- ret = get_func_tv(s, len, rettv, arg,
- curwin->w_cursor.lnum, curwin->w_cursor.lnum,
- &len, evaluate, partial, NULL);
+ /* Need to make a copy, in case evaluating the arguments makes
+ * the name invalid. */
+ s = vim_strsave(s);
+ if (s == NULL)
+ ret = FAIL;
+ else
+ /* Invoke the function. */
+ ret = get_func_tv(s, len, rettv, arg,
+ curwin->w_cursor.lnum, curwin->w_cursor.lnum,
+ &len, evaluate, partial, NULL);
+ vim_free(s);
/* If evaluate is FALSE rettv->v_type was not set in
* get_func_tv, but it's needed in handle_subscript() to parse
@@ -1,32 +1,42 @@
"Tests for nested functions
"
-function! NestedFunc()
- fu! Func1()
+func NestedFunc()
+ func! Func1()
let g:text .= 'Func1 '
- endfunction
+ endfunc
call Func1()
- fu! s:func2()
+ func! s:func2()
let g:text .= 's:func2 '
- endfunction
+ endfunc
call s:func2()
- fu! s:_func3()
+ func! s:_func3()
let g:text .= 's:_func3 '
- endfunction
+ endfunc
call s:_func3()
let fn = 'Func4'
- fu! {fn}()
+ func! {fn}()
let g:text .= 'Func4 '
- endfunction
+ endfunc
call {fn}()
let fn = 'func5'
- fu! s:{fn}()
+ func! s:{fn}()
let g:text .= 's:func5'
- endfunction
+ endfunc
call s:{fn}()
-endfunction
+endfunc
-function! Test_nested_functions()
+func Test_nested_functions()
let g:text = ''
call NestedFunc()
call assert_equal('Func1 s:func2 s:_func3 Func4 s:func5', g:text)
endfunction
+
+func Test_nested_argument()
+ func g:X()
+ let g:Y = function('sort')
+ endfunc
+ let g:Y = function('sort')
+ echo g:Y([], g:X())
+ delfunc g:X
+ unlet g:Y
+endfunc
View
@@ -765,6 +765,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 85,
+/**/
84,
/**/
83,

0 comments on commit 8a01f96

Please sign in to comment.