patch 9.0.1830: Vim9: crash when accessing a null object

Problem: Vim9: crash when accessing a null object Solution: Check accessing a NULL object in def function An object is NULL when the variable is declared, but the constructor isn't called. Accessing/setting a member on the object crashed Vim. Note: this happens inside def functions, at script level things work differently. Accessing a NULL object member results in E1360 (correctly), while setting a value on it results in E1012 (type mismatch) so there's still something to fix. closes: #12973 Signed-off-by: Christian Brabandt <cb@256bit.org> Co-authored-by: Gianmaria Bajo <mg1979.git@gmail.com>
vim · Aug 31, 2023 · d7085a0 · d7085a0
1 parent eb91e24
commit d7085a0
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 1 deletion.
diff --git a/src/testdir/test_vim9_class.vim b/src/testdir/test_vim9_class.vim
@@ -1180,6 +1180,61 @@ def Test_class_member()
   END
   v9.CheckScriptFailure(lines, 'E1010:')
 
+  # Test for setting a member on a null object
+  lines =<< trim END
+    vim9script
+    class A
+        this.val: string
+    endclass
+
+    def F()
+        var obj: A
+        obj.val = ""
+    enddef
+    F()
+  END
+  v9.CheckScriptFailure(lines, 'E1360: Using a null object')
+
+  # Test for accessing a member on a null object
+  lines =<< trim END
+    vim9script
+    class A
+        this.val: string
+    endclass
+
+    def F()
+        var obj: A
+        echo obj.val
+    enddef
+    F()
+  END
+  v9.CheckScriptFailure(lines, 'E1360: Using a null object')
+
+  # Test for setting a member on a null object, at script level
+  lines =<< trim END
+    vim9script
+    class A
+        this.val: string
+    endclass
+
+    var obj: A
+    obj.val = ""
+  END
+  # FIXME(in source): this should give E1360 as well!
+  v9.CheckScriptFailure(lines, 'E1012: Type mismatch; expected object<A> but got string')
+
+  # Test for accessing a member on a null object, at script level
+  lines =<< trim END
+    vim9script
+    class A
+        this.val: string
+    endclass
+
+    var obj: A
+    echo obj.val
+  END
+  v9.CheckScriptFailure(lines, 'E1360: Using a null object')
+
   # Test for no space before or after the '=' when initializing a member
   # variable
   lines =<< trim END

diff --git a/src/version.c b/src/version.c
@@ -699,6 +699,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1830,
 /**/
     1829,
 /**/

diff --git a/src/vim9execute.c b/src/vim9execute.c
@@ -2147,7 +2147,14 @@ execute_storeindex(isn_T *iptr, ectx_T *ectx)
     // -1 dict, list, blob or object
     tv = STACK_TV_BOT(-3);
     SOURCING_LNUM = iptr->isn_lnum;
-    if (dest_type == VAR_ANY)
+
+    // Make sure an object has been initialized
+    if (dest_type == VAR_OBJECT && tv_dest->vval.v_object == NULL)
+    {
+	emsg(_(e_using_null_object));
+	status = FAIL;
+    }
+    else if (dest_type == VAR_ANY)
     {
 	dest_type = tv_dest->v_type;
 	if (dest_type == VAR_DICT)