patch 8.1.0068: nasty autocommands can still cause using freed memory
Problem: Nasty autocommands can still cause using freed memory.
Solution: Disallow using setloclist() and setqflist() recursively.
diff --git a/src/evalfunc.c b/src/evalfunc.c
index 2bbeb25..4960203 100644
--- a/src/evalfunc.c
+++ b/src/evalfunc.c
@@ -10621,6 +10621,7 @@
static char *e_invact = N_("E927: Invalid action: '%s'");
char_u *act;
int action = 0;
+ static int recursive = 0;
#endif
rettv->vval.v_number = -1;
@@ -10628,6 +10629,8 @@
#ifdef FEAT_QUICKFIX
if (list_arg->v_type != VAR_LIST)
EMSG(_(e_listreq));
+ else if (recursive != 0)
+ EMSG(_(e_au_recursive));
else
{
list_T *l = list_arg->vval.v_list;
@@ -10662,9 +10665,12 @@
}
}
+ ++recursive;
if (l != NULL && action && valid_dict && set_errorlist(wp, l, action,
- (char_u *)(wp == NULL ? ":setqflist()" : ":setloclist()"), d) == OK)
+ (char_u *)(wp == NULL ? ":setqflist()" : ":setloclist()"),
+ d) == OK)
rettv->vval.v_number = 0;
+ --recursive;
}
#endif
}
diff --git a/src/version.c b/src/version.c
index 0ecc60c..e55be52 100644
--- a/src/version.c
+++ b/src/version.c
@@ -762,6 +762,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 68,
+/**/
67,
/**/
66,