From 6ef5471afa69a654888bc285a51a6035405d33a0 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar
Date: Sun, 25 Dec 2022 19:31:36 +0000
Subject: [PATCH] patch 9.0.1095: using freed memory when declaration fails

Problem: Using freed memory when declaration fails. (Yegappan Lakshmanan)
Solution: After unreferencing an object set the reference to NULL.
---
 src/testdir/test_vim9_class.vim | 16 ++++++++++++++++
 src/typval.c | 2 ++
 src/version.c | 2 ++
 3 files changed, 20 insertions(+)

diff --git a/src/testdir/test_vim9_class.vim b/src/testdir/test_vim9_class.vim
index c73e80fb6..7e4c92dda 100644
--- a/src/testdir/test_vim9_class.vim
+++ b/src/testdir/test_vim9_class.vim
@@ -349,6 +349,22 @@ def Test_class_object_member_access()
 assert_equal('make = 123', c2.GetMake())
 END
 v9.CheckScriptSuccess(lines)
+
+ lines =<< trim END
+ vim9script
+
+ class MyCar
+ this.make: string
+
+ def new(make_arg: string)
+ this.make = make_arg
+ enddef
+ endclass
+
+ var c = MyCar.new("abc")
+ var c = MyCar.new("def")
+ END
+ v9.CheckScriptFailure(lines, 'E1041:')
 enddef

 def Test_class_member_access()
diff --git a/src/typval.c b/src/typval.c
index 98915ccca..6eae02b78 100644
--- a/src/typval.c
+++ b/src/typval.c
@@ -162,9 +162,11 @@ clear_tv(typval_T *varp)
 break;
 case VAR_CLASS:
 class_unref(varp->vval.v_class);
+ varp->vval.v_class = NULL;
 break;
 case VAR_OBJECT:
 object_unref(varp->vval.v_object);
+ varp->vval.v_object = NULL;
 break;
 case VAR_UNKNOWN:
 case VAR_ANY:
diff --git a/src/version.c b/src/version.c
index 95d2a6b6a..36d3f81ff 100644
--- a/src/version.c
+++ b/src/version.c
@@ -695,6 +695,8 @@ static char *(features[]) =

 static int included_patches[] =
 { /* Add new patch number below this line */
+/**/
+ 1095,
 /**/
 1094,
 /**/
--
2.49.0
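Review bot: The script block added to `Test_class_object_member_access()` in src/testdir/test_vim9_class.vim covers only the object case (`var c = MyCar.new(...)` declared twice). The `VAR_CLASS` branch changed in src/typval.c by the same commit has no matching test here. `v9.CheckScriptFailure(lines, 'E1041:')` asserts only the error, so the freed-memory access would presumably show up only when the suite runs under a memory checker such as ASan or valgrind. A comment above `lines =<< trim END`, for example `# Redeclaring a variable that holds an object used to access freed memory`, would tell readers why the case exists.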
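Review bot: The two NULL assignments added to the `VAR_CLASS` and `VAR_OBJECT` cases of `clear_tv()` in src/typval.c have no comment explaining why they are needed, so a later cleanup could remove them as dead stores. Suggest `// Reset the pointer so a second clear_tv() on this typval cannot unref the freed class again.` above `varp->vval.v_class = NULL;`, with matching wording for `v_object`. The reset protects only the typval being cleared: any other typval_T that was struct-copied from it without taking a reference still holds the stale pointer. The failing-declaration path presumably still clears or reads the same value twice and now relies on this guard, so that caller is worth checking too. The switch in `clear_tv()` starts and ends outside the hunk, so whether the other reference-counted cases reset their pointers the same way cannot be checked from here.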