patch 9.0.1093: using freed memory of object member
Problem: Using freed memory of object member. (Yegappan Lakshmanan)
Solution: Make a copy of the object member when getting it.
diff --git a/src/testdir/test_vim9_class.vim b/src/testdir/test_vim9_class.vim
index 88128e7..c73e80f 100644
--- a/src/testdir/test_vim9_class.vim
+++ b/src/testdir/test_vim9_class.vim
@@ -323,6 +323,32 @@
assert_fails('trip.four = 4', 'E1334')
END
v9.CheckScriptSuccess(lines)
+
+ lines =<< trim END
+ vim9script
+
+ class MyCar
+ this.make: string
+
+ def new(make_arg: string)
+ this.make = make_arg
+ enddef
+
+ def GetMake(): string
+ return $"make = {this.make}"
+ enddef
+ endclass
+
+ var c = MyCar.new("abc")
+ assert_equal('make = abc', c.GetMake())
+
+ c = MyCar.new("def")
+ assert_equal('make = def', c.GetMake())
+
+ var c2 = MyCar.new("123")
+ assert_equal('make = 123', c2.GetMake())
+ END
+ v9.CheckScriptSuccess(lines)
enddef
def Test_class_member_access()
diff --git a/src/version.c b/src/version.c
index 53f0001..5c21f7a 100644
--- a/src/version.c
+++ b/src/version.c
@@ -696,6 +696,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1093,
+/**/
1092,
/**/
1091,
diff --git a/src/vim9execute.c b/src/vim9execute.c
index cdaeb5b..a6d43b5 100644
--- a/src/vim9execute.c
+++ b/src/vim9execute.c
@@ -3799,7 +3799,7 @@
tv->vval.v_number = iptr->isn_arg.storenr.stnr_val;
break;
- // store value in list or dict variable
+ // Store a value in a list, dict, blob or object variable.
case ISN_STOREINDEX:
{
int res = execute_storeindex(iptr, ectx);
@@ -5159,7 +5159,7 @@
object_T *obj = tv->vval.v_object;
// the members are located right after the object struct
typval_T *mtv = ((typval_T *)(obj + 1)) + idx;
- *tv = *mtv;
+ copy_tv(mtv, tv);
// Unreference the object after getting the member, it may
// be freed.