patch 9.1.1400: [security]: use-after-free when evaluating tuple fails Problem: [security]: use-after-free when evaluating tuple fails Solution: return early in case of an error (Yegappan Lakshmanan) closes: #17351 Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com> Signed-off-by: Christian Brabandt <cb@256bit.org>

commit: 1307743697bbc46e1518abfea7f89caa95bcaf97 [log] [tgz]
author: Yegappan Lakshmanan <yegappan@yahoo.com> Wed May 21 20:52:44 2025 +0200
committer: Christian Brabandt <cb@256bit.org> Wed May 21 20:54:27 2025 +0200
tree: 1d64d251d330f2dde124074d23a6f492b5e3cdf3
parent: 681f1c914f8b4a1b53b838d5d6d8d0b931ea1ee0 [diff] [blame]
diff --git a/src/eval.c b/src/eval.c
index 530cc95..bbfe566 100644
--- a/src/eval.c
+++ b/src/eval.c

@@ -5000,6 +5000,8 @@
 	else
 	{
 	    ret = eval1(arg, rettv, evalarg);	// recursive!
+	    if (ret != OK)
+		return ret;
 
 	    *arg = skipwhite_and_linebreak(*arg, evalarg);
commit	1307743697bbc46e1518abfea7f89caa95bcaf97	[log] [tgz]
author	Yegappan Lakshmanan <yegappan@yahoo.com>	Wed May 21 20:52:44 2025 +0200
committer	Christian Brabandt <cb@256bit.org>	Wed May 21 20:54:27 2025 +0200
tree	1d64d251d330f2dde124074d23a6f492b5e3cdf3
parent	681f1c914f8b4a1b53b838d5d6d8d0b931ea1ee0 [diff] [blame]