commit a14e6975478adeddcc2161edc1ec611016aa89f3
author Bram Moolenaar <Bram@vim.org> Mon May 25 23:29:28 2020 +0200
committer Bram Moolenaar <Bram@vim.org> Mon May 25 23:29:28 2020 +0200
tree 91d67e43f4bc17c7787d26b18e0f3b835a6cd703
parent 1919371b2b9ddb1a645f40b59adbd89317530882

patch 8.2.0825: def_function() may return pointer that was freed

Problem:    def_function() may return pointer that was freed.
Solution:   Set "fp" to NULL after freeing it.

src/userfunc.c

diff --git a/src/userfunc.c b/src/userfunc.c
index 87e06c6..c50a871 100644
--- a/src/userfunc.c
+++ b/src/userfunc.c
@@ -3140,12 +3140,14 @@
 		if (fudi.fd_di == NULL)
 		{
 		    vim_free(fp);
+		    fp = NULL;
 		    goto erret;
 		}
 		if (dict_add(fudi.fd_dict, fudi.fd_di) == FAIL)
 		{
 		    vim_free(fudi.fd_di);
 		    vim_free(fp);
+		    fp = NULL;
 		    goto erret;
 		}
 	    }
@@ -3169,6 +3171,7 @@
 	else if (hash_add(&func_hashtab, UF2HIKEY(fp)) == FAIL)
 	{
 	    vim_free(fp);
+	    fp = NULL;
 	    goto erret;
 	}
 	fp->uf_refcount = 1;