aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-07-26 11:04:33 -04:00
Code

patch 8.1.1485: double free when garbage_collect() is used in autocommand

Browse Source 
Problem:    Double free when garbage_collect() is used in autocommand.
Solution:   Have garbage collection also set the copyID in funccal_stack.
This commit is contained in:
Bram Moolenaar 2019-06-06 19:03:17 +02:00
parent 75ee544f99
commit c07f67ad0e
3 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/eval.c
View File

@ -430,12 +430,11 @@ eval_clear(void)
vim_free(SCRIPT_SV(i)); vim_free(SCRIPT_SV(i));
ga_clear(&ga_scripts); ga_clear(&ga_scripts);
// functions need to be freed before gargabe collecting, otherwise local
// variables might be freed twice.
free_all_functions();
// unreferenced lists and dicts // unreferenced lists and dicts
(void)garbage_collect(FALSE); (void)garbage_collect(FALSE);
// functions not garbage collected
free_all_functions();
} }
#endif #endif

7
src/userfunc.c
View File

@ -4032,9 +4032,16 @@ set_ref_in_call_stack(int copyID)
{ {
int abort = FALSE; int abort = FALSE;
funccall_T *fc; funccall_T *fc;
funccal_entry_T *entry;
for (fc = current_funccal; fc != NULL; fc = fc->caller) for (fc = current_funccal; fc != NULL; fc = fc->caller)
abort = abort || set_ref_in_funccal(fc, copyID); abort = abort || set_ref_in_funccal(fc, copyID);
// Also go through the funccal_stack.
for (entry = funccal_stack; entry != NULL; entry = entry->next)
for (fc = entry->top_funccal; fc != NULL; fc = fc->caller)
abort = abort || set_ref_in_funccal(fc, copyID);
return abort; return abort;
} }

2
src/version.c
View File

@ -767,6 +767,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
1485,
/**/ /**/
1484, 1484,
/**/ /**/