patch 9.0.1862: Vim9 Garbage Collection issues

Problem: Vim9 Garbage Collection issues Solution: Class members are garbage collected early leading to use-after-free problems. Handle the garbage collection of classes properly. closes: #13019 Signed-off-by: Christian Brabandt <cb@256bit.org> Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
2023-09-04 07:51:01 +02:00
parent 233f956bd4
commit e651e110c1
7 changed files with 159 additions and 68 deletions
--- a/src/eval.c
+++ b/src/eval.c
@@ -5305,6 +5305,8 @@ garbage_collect(int testing)
    abort = abort || set_ref_in_popups(copyID);
 #endif

+    abort = abort || set_ref_in_classes(copyID);
+
    if (!abort)
    {
 	/*
@@ -5353,6 +5355,9 @@ free_unref_items(int copyID)
    // Go through the list of objects and free items without this copyID.
    did_free |= object_free_nonref(copyID);

+    // Go through the list of classes and free items without this copyID.
+    did_free |= class_free_nonref(copyID);
+
 #ifdef FEAT_JOB_CHANNEL
    // Go through the list of jobs and free items without the copyID. This
    // must happen before doing channels, because jobs refer to channels, but
@@ -5707,7 +5712,7 @@ set_ref_in_item_channel(
 * Mark the class "cl" with "copyID".
 * Also see set_ref_in_item().
 */
-    static int
+    int
 set_ref_in_item_class(
    class_T		*cl,
    int			copyID,
@@ -5716,8 +5721,7 @@ set_ref_in_item_class(
 {
    int abort = FALSE;

-    if (cl == NULL || cl->class_copyID == copyID
-				|| (cl->class_flags & CLASS_INTERFACE) != 0)
+    if (cl == NULL || cl->class_copyID == copyID)
 	return FALSE;

    cl->class_copyID = copyID;