patch 9.1.1066: heap-use-after-free and stack-use-after-scope with :14verbose
Problem: heap-use-after-free and stack-use-after-scope with :14verbose
when using :return and :try (after 9.1.1063).
Solution: Move back the vim_free(tofree) and the scope of numbuf[].
(zeertzjq)
closes: #16563
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
diff --git a/src/testdir/test_user_func.vim b/src/testdir/test_user_func.vim
index 99ac906..bae98ed 100644
--- a/src/testdir/test_user_func.vim
+++ b/src/testdir/test_user_func.vim
@@ -987,4 +987,36 @@
delfunc Fail
endfunc
+func Test_func_return_in_try_verbose()
+ func TryReturnList()
+ try
+ return [1, 2, 3]
+ endtry
+ endfunc
+ func TryReturnNumber()
+ try
+ return 123
+ endtry
+ endfunc
+ func TryReturnOverlongString()
+ try
+ return repeat('a', 9999)
+ endtry
+ endfunc
+
+ " This should not cause heap-use-after-free
+ call assert_match('\n:return \[1, 2, 3\] made pending\n',
+ \ execute('14verbose call TryReturnList()'))
+ " This should not cause stack-use-after-scope
+ call assert_match('\n:return 123 made pending\n',
+ \ execute('14verbose call TryReturnNumber()'))
+ " An overlong string is truncated
+ call assert_match('\n:return a\{100,}\.\.\.',
+ \ execute('14verbose call TryReturnOverlongString()'))
+
+ delfunc TryReturnList
+ delfunc TryReturnNumber
+ delfunc TryReturnOverlongString
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab