From: Bram Moolenaar <Bram@vim.org>
Date: Mon, 13 Apr 2020 15:44:47 +0000 (+0200)
Subject: patch 8.2.0571: double free when passing invalid argument to job_start()
X-Git-Tag: v8.2.0571
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0015795baafaf7983875f979f92339375fe5d8e2;p=vim

patch 8.2.0571: double free when passing invalid argument to job_start()

Problem:    Double free when passing invalid argument to job_start().
Solution:   Clear the argument when freed. (Masato Nishihata, closes #5926)
---

diff --git a/src/misc2.c b/src/misc2.c
index 491818927..5fc20405a 100644
--- a/src/misc2.c
+++ b/src/misc2.c
@@ -4356,7 +4356,10 @@ build_argv_from_list(list_T *l, char ***argv, int *argc)
 	    int i;
 
 	    for (i = 0; i < *argc; ++i)
+	    {
 		vim_free((*argv)[i]);
+		(*argv)[i] = NULL;
+	    }
 	    return FAIL;
 	}
 	(*argv)[*argc] = (char *)vim_strsave(s);
diff --git a/src/testdir/test_channel.vim b/src/testdir/test_channel.vim
index 11f33628d..af809eceb 100644
--- a/src/testdir/test_channel.vim
+++ b/src/testdir/test_channel.vim
@@ -1681,6 +1681,7 @@ func Test_job_start_fails()
   call assert_fails('let job = job_start(["   "])', 'E474:')
   call assert_fails('let job = job_start("")', 'E474:')
   call assert_fails('let job = job_start("   ")', 'E474:')
+  call assert_fails('let job = job_start(["ls", []])', 'E730:')
   %bw!
 endfunc
 
diff --git a/src/version.c b/src/version.c
index df1dcec7a..40e048d68 100644
--- a/src/version.c
+++ b/src/version.c
@@ -738,6 +738,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    571,
 /**/
     570,
 /**/