commit 0309d3fbf0edc5ac958964f85dff76719340c4c7
parent af069c5c05ad99623345071007ad23da51973601
Author: zeertzjq <zeertzjq@outlook.com>
Date: Mon, 3 Feb 2025 11:11:46 +0800
vim-patch:8.2.0825: def_function() may return pointer that was freed
Problem: def_function() may return pointer that was freed.
Solution: Set "fp" to NULL after freeing it.
https://github.com/vim/vim/commit/a14e6975478adeddcc2161edc1ec611016aa89f3
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Diffstat:
1 file changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/nvim/eval/userfunc.c b/src/nvim/eval/userfunc.c
@@ -2867,6 +2867,7 @@ void ex_function(exarg_T *eap)
if (tv_dict_add(fudi.fd_dict, fudi.fd_di) == FAIL) {
xfree(fudi.fd_di);
xfree(fp);
+ fp = NULL;
goto erret;
}
} else {
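Review bot: `fudi.fd_di` is freed on the `tv_dict_add()` failure path but, unlike `fp`, it keeps its stale value when control jumps to `erret`. The cleanup code at `erret` lies outside this hunk, so whether it reads `fudi.fd_di` cannot be confirmed from here. Clearing it as well, with `XFREE_CLEAR(fudi.fd_di);`, would leave no dangling pointer on this path and would keep a later change to the cleanup code from becoming a use-after-free or double free.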
@@ -2887,6 +2888,7 @@ void ex_function(exarg_T *eap)
hi->hi_key = UF2HIKEY(fp);
} else if (hash_add(&func_hashtab, UF2HIKEY(fp)) == FAIL) {
xfree(fp);
+ fp = NULL;
goto erret;
}
fp->uf_refcount = 1;
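Review bot: The free-then-null pair in the `hash_add()` failure branch is written as two statements, `xfree(fp);` followed by `fp = NULL;`, which a later edit can separate or half-copy. The tree's `XFREE_CLEAR(fp);` macro does both in one statement and could replace the pair here and in the first hunk. The hunk header shows `ex_function()` returning `void`, so the upstream problem statement about returning a freed pointer does not explain the change at this site. A short comment such as `// keep fp from dangling for the code after erret` would record the intent, though the `erret` label is outside the hunk and its use of `fp` should be confirmed first.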