patch 8.2.0571: double free when passing invalid argument to job_start()
Problem: Double free when passing invalid argument to job_start().
Solution: Clear the argument when freed. (Masato Nishihata, closes #5926)
diff --git a/src/misc2.c b/src/misc2.c
index 4918189..5fc2040 100644
--- a/src/misc2.c
+++ b/src/misc2.c
@@ -4356,7 +4356,10 @@
int i;
for (i = 0; i < *argc; ++i)
+ {
vim_free((*argv)[i]);
+ (*argv)[i] = NULL;
+ }
return FAIL;
}
(*argv)[*argc] = (char *)vim_strsave(s);
diff --git a/src/testdir/test_channel.vim b/src/testdir/test_channel.vim
index 11f3362..af809ec 100644
--- a/src/testdir/test_channel.vim
+++ b/src/testdir/test_channel.vim
@@ -1681,6 +1681,7 @@
call assert_fails('let job = job_start([" "])', 'E474:')
call assert_fails('let job = job_start("")', 'E474:')
call assert_fails('let job = job_start(" ")', 'E474:')
+ call assert_fails('let job = job_start(["ls", []])', 'E730:')
%bw!
endfunc
diff --git a/src/version.c b/src/version.c
index df1dcec..40e048d 100644
--- a/src/version.c
+++ b/src/version.c
@@ -739,6 +739,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 571,
+/**/
570,
/**/
569,