commit 04d2a3fdc051d6a419dc0ea4de7a9640cefccd31
author zeertzjq <zeertzjq@outlook.com> Sun Feb 02 19:03:17 2025 +0100
committer Christian Brabandt <cb@256bit.org> Sun Feb 02 19:04:22 2025 +0100
tree d78203bf5fb256bb4cd8d00051d701b0cb77a421
parent edf0f7db28f87611368e158210e58ed30f673098

patch 9.1.1071: args missing after failing to redefine a function

Problem:  Arguments of a function are missing after failing to redefine
          it (after 8.2.2505), and heap-use-after-free with script-local
          function (after 9.1.1063).
Solution: Don't clear arguments or free uf_name_exp when failing to
          redefine an existing function (zeertzjq)

closes: #16567

Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

src/userfunc.c

diff --git a/src/userfunc.c b/src/userfunc.c
index 0cdfa38..a60eeb2 100644
--- a/src/userfunc.c
+++ b/src/userfunc.c
@@ -5404,13 +5404,13 @@
 		    emsg_funcname(e_name_already_defined_str, name);
 		else
 		    emsg_funcname(e_function_str_already_exists_add_bang_to_replace, name);
-		goto erret;
+		goto errret_keep;
 	    }
 	    if (fp->uf_calls > 0)
 	    {
 		emsg_funcname(
 			    e_cannot_redefine_function_str_it_is_in_use, name);
-		goto erret;
+		goto errret_keep;
 	    }
 	    if (fp->uf_refcount > 1)
 	    {
@@ -5630,9 +5630,6 @@
 	ga_init(&fp->uf_def_args);
     }
 errret_2:
-    ga_clear_strings(&newargs);
-    ga_clear_strings(&default_args);
-    ga_clear_strings(&newlines);
     if (fp != NULL)
     {
 	VIM_CLEAR(fp->uf_arg_types);
@@ -5642,6 +5639,10 @@
     }
     if (free_fp)
 	VIM_CLEAR(fp);
+errret_keep:
+    ga_clear_strings(&newargs);
+    ga_clear_strings(&default_args);
+    ga_clear_strings(&newlines);
 ret_free:
     ga_clear_strings(&argtypes);
     ga_clear(&arg_objm);