patch 8.2.4229: possible crash when invoking timer callback fails
Problem: Possible crash when invoking timer callback fails.
Solution: Initialize the typval. Give an error for an empty callback.
(closes #9636)
diff --git a/src/testdir/test_vim9_builtin.vim b/src/testdir/test_vim9_builtin.vim
index a00133f..45d212c 100644
--- a/src/testdir/test_vim9_builtin.vim
+++ b/src/testdir/test_vim9_builtin.vim
@@ -4132,6 +4132,8 @@
def Test_timer_start()
CheckDefAndScriptFailure(['timer_start("a", "1")'], ['E1013: Argument 1: type mismatch, expected number but got string', 'E1210: Number required for argument 1'])
CheckDefAndScriptFailure(['timer_start(1, "1", [1])'], ['E1013: Argument 3: type mismatch, expected dict<any> but got list<number>', 'E1206: Dictionary required for argument 3'])
+ CheckDefExecAndScriptFailure(['timer_start(100, 0)'], 'E921:')
+ CheckDefExecAndScriptFailure(['timer_start(100, "")'], 'E921:')
enddef
def Test_timer_stop()
diff --git a/src/time.c b/src/time.c
index 78e20eb..00275ef 100644
--- a/src/time.c
+++ b/src/time.c
@@ -481,6 +481,7 @@
argv[0].vval.v_number = (varnumber_T)timer->tr_id;
argv[1].v_type = VAR_UNKNOWN;
+ rettv.v_type = VAR_UNKNOWN;
call_callback(&timer->tr_callback, -1, &rettv, 1, argv);
clear_tv(&rettv);
}
@@ -854,6 +855,13 @@
callback = get_callback(&argvars[1]);
if (callback.cb_name == NULL)
return;
+ if (in_vim9script() && *callback.cb_name == NUL)
+ {
+ // empty callback is not useful for a timer
+ emsg(_(e_invalid_callback_argument));
+ free_callback(&callback);
+ return;
+ }
timer = create_timer(msec, repeat);
if (timer == NULL)
diff --git a/src/version.c b/src/version.c
index e3a9715..c8b0ce1 100644
--- a/src/version.c
+++ b/src/version.c
@@ -751,6 +751,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 4229,
+/**/
4228,
/**/
4227,