commit 638c6b406bc41d4fed5ef282bae526888de8229a
parent cd42740245b5dd25ef9c7e116656d6da630f5db0
Author: zeertzjq <zeertzjq@outlook.com>
Date: Mon, 3 Feb 2025 10:21:57 +0800
vim-patch:8.2.2505: Vim9: crash after defining function with invalid return type
Problem: Vim9: crash after defining function with invalid return type.
Solution: Clear function growarrays. Fix memory leak.
https://github.com/vim/vim/commit/31842cd0772b557eb9584a13740430db29de8a51
Cherry-pick free_fp from patch 8.2.3812.
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Diffstat:
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/nvim/eval/userfunc.c b/src/nvim/eval/userfunc.c
@@ -2515,7 +2515,8 @@ void ex_function(exarg_T *eap)
garray_T newlines;
int varargs = false;
int flags = 0;
- ufunc_T *fp;
+ ufunc_T *fp = NULL;
+ bool free_fp = false;
bool overwrite = false;
funcdict_T fudi;
static int func_nr = 0; // number for nameless function
@@ -2888,8 +2889,7 @@ void ex_function(exarg_T *eap)
hashitem_T *hi = hash_find(&func_hashtab, name);
hi->hi_key = UF2HIKEY(fp);
} else if (hash_add(&func_hashtab, UF2HIKEY(fp)) == FAIL) {
- xfree(fp);
- fp = NULL;
+ free_fp = true;
goto erret;
}
fp->uf_refcount = 1;
@@ -2920,8 +2920,16 @@ void ex_function(exarg_T *eap)
erret:
ga_clear_strings(&newargs);
ga_clear_strings(&default_args);
+ if (fp != NULL) {
+ ga_init(&fp->uf_args, (int)sizeof(char *), 1);
+ ga_init(&fp->uf_def_args, (int)sizeof(char *), 1);
+ }
errret_2:
ga_clear_strings(&newlines);
+ if (free_fp) {
+ xfree(fp);
+ fp = NULL;
+ }
ret_free:
xfree(line_to_free);
xfree(fudi.fd_newkey);
