aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-10-06 05:44:14 -04:00
Code Activity

patch 8.2.3427: double free when list is copied

Browse Source 
Problem:    Double free when list is copied.
Solution:   Allocate the type when making a copy. (closes #8862)
            Clear the type for flattennew().  Avoid a memory leak when
            flattennew() fails.
This commit is contained in:
Bram Moolenaar
2021-09-11 20:20:38 +02:00
parent 4b4b1b84ee
commit b3bf33a7b2
3 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/list.c
View File

@@ -952,7 +952,10 @@ list_flatten(list_T *list, long maxdepth)
vimlist_remove(list, item, item); vimlist_remove(list, item, item);
if (list_extend(list, item->li_tv.vval.v_list, next) == FAIL) if (list_extend(list, item->li_tv.vval.v_list, next) == FAIL)
{
list_free_item(list, item);
return; return;
}
clear_tv(&item->li_tv); clear_tv(&item->li_tv);
tofree = item; tofree = item;
@@ -1023,6 +1026,9 @@ flatten_common(typval_T *argvars, typval_T *rettv, int make_copy)
rettv->vval.v_list = l; rettv->vval.v_list = l;
if (l == NULL) if (l == NULL)
return; return;
// The type will change.
free_type(l->lv_type);
l->lv_type = NULL;
} }
else else
{ {
@@ -1217,7 +1223,7 @@ list_copy(list_T *orig, int deep, int copyID)
copy = list_alloc(); copy = list_alloc();
if (copy != NULL) if (copy != NULL)
{ {
copy->lv_type = orig->lv_type; copy->lv_type = alloc_type(orig->lv_type);
if (copyID != 0) if (copyID != 0)
{ {
// Do this before adding the items, because one of the items may // Do this before adding the items, because one of the items may

14
src/testdir/test_vim9_builtin.vim
View File

@@ -1090,6 +1090,13 @@ def Test_findfile()
CheckDefAndScriptFailure2(['findfile("a", "b", "c")'], 'E1013: Argument 3: type mismatch, expected number but got string', 'E1210: Number required for argument 3') CheckDefAndScriptFailure2(['findfile("a", "b", "c")'], 'E1013: Argument 3: type mismatch, expected number but got string', 'E1210: Number required for argument 3')
enddef enddef
def Test_flatten()
var lines =<< trim END
echo flatten([1, 2, 3])
END
CheckDefAndScriptFailure(lines, 'E1158:')
enddef
def Test_flattennew() def Test_flattennew()
var lines =<< trim END var lines =<< trim END
var l = [1, [2, [3, 4]], 5] var l = [1, [2, [3, 4]], 5]
@@ -1098,13 +1105,12 @@ def Test_flattennew()
call assert_equal([1, 2, [3, 4], 5], flattennew(l, 1)) call assert_equal([1, 2, [3, 4], 5], flattennew(l, 1))
call assert_equal([1, [2, [3, 4]], 5], l) call assert_equal([1, [2, [3, 4]], 5], l)
var ll: list<list<string>> = [['a', 'b', 'c']]
assert_equal(['a', 'b', 'c'], ll->flattennew())
END END
CheckDefAndScriptSuccess(lines) CheckDefAndScriptSuccess(lines)
lines =<< trim END
echo flatten([1, 2, 3])
END
CheckDefAndScriptFailure(lines, 'E1158:')
CheckDefAndScriptFailure2(['flattennew({})'], 'E1013: Argument 1: type mismatch, expected list<any> but got dict<unknown>', 'E1211: List required for argument 1') CheckDefAndScriptFailure2(['flattennew({})'], 'E1013: Argument 1: type mismatch, expected list<any> but got dict<unknown>', 'E1211: List required for argument 1')
CheckDefAndScriptFailure2(['flattennew([], "1")'], 'E1013: Argument 2: type mismatch, expected number but got string', 'E1210: Number required for argument 2') CheckDefAndScriptFailure2(['flattennew([], "1")'], 'E1013: Argument 2: type mismatch, expected number but got string', 'E1210: Number required for argument 2')
enddef enddef

2
src/version.c
View File

@@ -755,6 +755,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
3427,
/**/ /**/
3426, 3426,
/**/ /**/