patch 8.2.1825: Vim9: accessing freed memory

author Bram Moolenaar <Bram@vim.org>

Sat, 10 Oct 2020 18:31:37 +0000 (20:31 +0200)

committer Bram Moolenaar <Bram@vim.org>

Sat, 10 Oct 2020 18:31:37 +0000 (20:31 +0200)
author Bram Moolenaar <Bram@vim.org>
Sat, 10 Oct 2020 18:31:37 +0000 (20:31 +0200)
committer Bram Moolenaar <Bram@vim.org>
Sat, 10 Oct 2020 18:31:37 +0000 (20:31 +0200)
diff --git a/src/ex_eval.c b/src/ex_eval.c

index 6a7087b6831c63f60806ef3b0af5272045874cd3..d205cafc47e6244031672cf658af8b9a26fbfa0c 100644 (file)
--- a/src/ex_eval.c
+++ b/src/ex_eval.c
@@ -925,22 +925,28 @@ leave_block(cstack_T *cstack)
  
      if (in_vim9script())
      {
-       scriptitem_T *si = SCRIPT_ITEM(current_sctx.sc_sid);
+       scriptitem_T    *si = SCRIPT_ITEM(current_sctx.sc_sid);
+       hashtab_T       *ht = get_script_local_ht();
  
-       for (i = cstack->cs_script_var_len[cstack->cs_idx];
-                                              i < si->sn_var_vals.ga_len; ++i)
+       if (ht != NULL)
         {
-           svar_T      *sv = ((svar_T *)si->sn_var_vals.ga_data) + i;
-           hashtab_T   *ht = get_script_local_ht();
-           hashitem_T  *hi;
-
-           if (ht != NULL)
+           for (i = cstack->cs_script_var_len[cstack->cs_idx];
+                                              i < si->sn_var_vals.ga_len; ++i)
             {
-               // Remove a variable declared inside the block, if it still
-               // exists.
-               hi = hash_find(ht, sv->sv_name);
-               if (!HASHITEM_EMPTY(hi))
-                   delete_var(ht, hi);
+               svar_T  *sv = ((svar_T *)si->sn_var_vals.ga_data) + i;
+               hashitem_T      *hi;
+
+               if (sv->sv_name != NULL)
+               {
+                   // Remove a variable declared inside the block, if it still
+                   // exists.
+                   hi = hash_find(ht, sv->sv_name);
+                   if (!HASHITEM_EMPTY(hi))
+                   {
+                       delete_var(ht, hi);
+                       sv->sv_name = NULL;
+                   }
+               }
             }
         }
      }
diff --git a/src/version.c b/src/version.c

index e7e863be16d65a060d50446b0abaf5fad3d2a1f1..789e1049385ae7cdab7876cdba2c456347ac9195 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -750,6 +750,8 @@ static char *(features[]) =
  
  static int included_patches[] =
  {   /* Add new patch number below this line */
+/**/
+    1825,
  /**/
      1824,
  /**/
author	Bram Moolenaar <Bram@vim.org>
	Sat, 10 Oct 2020 18:31:37 +0000 (20:31 +0200)
committer	Bram Moolenaar <Bram@vim.org>
	Sat, 10 Oct 2020 18:31:37 +0000 (20:31 +0200)
src/ex_eval.c		patch \| blob \| history
src/version.c		patch \| blob \| history