From 0309d3fbf0edc5ac958964f85dff76719340c4c7 Mon Sep 17 00:00:00 2001
From: zeertzjq
Date: Mon, 3 Feb 2025 11:11:46 +0800
Subject: vim-patch:8.2.0825: def_function() may return pointer that was freed
Problem: def_function() may return pointer that was freed.
Solution: Set "fp" to NULL after freeing it.
https://github.com/vim/vim/commit/a14e6975478adeddcc2161edc1ec611016aa89f3
Co-authored-by: Bram Moolenaar
---
 src/nvim/eval/userfunc.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'src/nvim/eval/userfunc.c')
diff --git a/src/nvim/eval/userfunc.c b/src/nvim/eval/userfunc.c
index 2e549fcf37..da91de4650 100644
--- a/src/nvim/eval/userfunc.c
+++ b/src/nvim/eval/userfunc.c
@@ -2867,6 +2867,7 @@ void ex_function(exarg_T *eap)
 if (tv_dict_add(fudi.fd_dict, fudi.fd_di) == FAIL) {
 xfree(fudi.fd_di);
 xfree(fp);
+ fp = NULL;
 goto erret;
 }
 } else {
@@ -2887,6 +2888,7 @@ void ex_function(exarg_T *eap)
 hi->hi_key = UF2HIKEY(fp);
 } else if (hash_add(&func_hashtab, UF2HIKEY(fp)) == FAIL) {
 xfree(fp);
+ fp = NULL;
 goto erret;
 }
 fp->uf_refcount = 1;
-- cgit
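Review bot: In the first hunk `fudi.fd_di` is released by `xfree(fudi.fd_di);` one line above the new assignment but keeps its stale address, so only half of the freed pair is cleared before `goto erret`. Whether anything past `erret` reads `fudi.fd_di` is not visible here, since ex_function starts and ends outside both hunks, but clearing it closes the same dangling-pointer hazard the commit addresses for `fp`. Neovim's `XFREE_CLEAR()` does the free and the reset in one step, so the pair can become `XFREE_CLEAR(fudi.fd_di);` and `XFREE_CLEAR(fp);`. The `xfree(fp);` / `fp = NULL;` pair in the second hunk can likewise be written `XFREE_CLEAR(fp);`.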