patch 8.2.4587: Vim9: double free after unpacking a list Problem: Vim9: double free after unpacking a list. Solution: Make a copy of the value instead of moving it. (closes #9968)

commit: 61efa16932d485fc724e4b94a8e7078a176c9946 [log] [tgz]
author: Bram Moolenaar <Bram@vim.org> Fri Mar 18 13:10:48 2022 +0000
committer: Bram Moolenaar <Bram@vim.org> Fri Mar 18 13:10:48 2022 +0000
tree: eb5308b89e7ad18b04e5efa9f69d18159925caa5
parent: 1d9cef769d6c91d9a58a9c3c1c8ffe3da3570871 [diff] [blame]
diff --git a/src/vim9execute.c b/src/vim9execute.c
index 4d24eb9..3136dce 100644
--- a/src/vim9execute.c
+++ b/src/vim9execute.c

@@ -4773,7 +4773,10 @@
 			    li = li->li_next;
 			for (i = 0; li != NULL; ++i)
 			{
-			    list_set_item(rem_list, i, &li->li_tv);
+			    typval_T tvcopy;
+
+			    copy_tv(&li->li_tv, &tvcopy);
+			    list_set_item(rem_list, i, &tvcopy);
 			    li = li->li_next;
 			}
 			--count;
commit	61efa16932d485fc724e4b94a8e7078a176c9946	[log] [tgz]
author	Bram Moolenaar <Bram@vim.org>	Fri Mar 18 13:10:48 2022 +0000
committer	Bram Moolenaar <Bram@vim.org>	Fri Mar 18 13:10:48 2022 +0000
tree	eb5308b89e7ad18b04e5efa9f69d18159925caa5
parent	1d9cef769d6c91d9a58a9c3c1c8ffe3da3570871 [diff] [blame]