commit be82825687fcf020dc79667cc1cdf62ace2215f2
author Ernie Rael <errael@raelity.com> Fri Jul 26 18:37:02 2024 +0200
committer Christian Brabandt <cb@256bit.org> Fri Jul 26 18:39:52 2024 +0200
tree bfc317b3c5984e6e901343eb3121e2183d19e883
parent 8754efe437fcb17ad2c64192f8722e08d68e032e

patch 9.1.0620: Vim9: segfauls with null objects

Problem:  Vim9: segfauls with null objects
          (after v9.1.0219)
Solution: Check object pointer being NULL
          (Ernie Rael)

fixes: #15338
closes: #15349

Signed-off-by: Ernie Rael <errael@raelity.com>
Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

src/vim9execute.c

diff --git a/src/vim9execute.c b/src/vim9execute.c
index 3a3960a..40b5499 100644
--- a/src/vim9execute.c
+++ b/src/vim9execute.c
@@ -2254,26 +2254,35 @@
 	{
 	    // Need to get the member index now that the class is known.
 	    object_T *obj = tv_dest->vval.v_object;
-	    class_T *cl = obj->obj_class;
-	    char_u  *member = tv_idx->vval.v_string;
-
-	    int		m_idx;
-	    ocmember_T *m = object_member_lookup(cl, member, 0, &m_idx);
-	    if (m != NULL)
+	    if (obj == NULL)
 	    {
-		if (*member == '_')
-		{
-		    emsg_var_cl_define(e_cannot_access_protected_variable_str,
-							m->ocm_name, 0, cl);
-		    status = FAIL;
-		}
-
-		lidx = m_idx;
+		emsg(_(e_using_null_object));
+		status = FAIL;
 	    }
 	    else
 	    {
-		member_not_found_msg(cl, VAR_OBJECT, member, 0);
-		status = FAIL;
+		class_T *cl = obj->obj_class;
+		char_u  *member = tv_idx->vval.v_string;
+
+		int		m_idx;
+		ocmember_T *m = object_member_lookup(cl, member, 0, &m_idx);
+		if (m != NULL)
+		{
+		    if (*member == '_')
+		    {
+			emsg_var_cl_define(
+					e_cannot_access_protected_variable_str,
+					m->ocm_name, 0, cl);
+			status = FAIL;
+		    }
+
+		    lidx = m_idx;
+		}
+		else
+		{
+		    member_not_found_msg(cl, VAR_OBJECT, member, 0);
+		    status = FAIL;
+		}
 	    }
 	}
 	else if ((dest_type == VAR_LIST || dest_type == VAR_OBJECT)
@@ -3567,7 +3576,10 @@
 				p = tv_get_string_buf(tv, buf);
 			}
 			else
+			{
+			    SOURCING_LNUM = iptr->isn_lnum;
 			    p = tv_stringify(tv, buf);
+			}
 
 			len = (int)STRLEN(p);
 			if (GA_GROW_FAILS(&ga, len + 2))
@@ -4380,7 +4392,14 @@
 			object_required_error(tv);
 			goto on_error;
 		    }
+
 		    object_T *obj = tv->vval.v_object;
+		    if (obj == NULL)
+		    {
+			emsg(_(e_using_null_object));
+			goto on_error;
+		    }
+
 		    class_T *cl = obj->obj_class;
 
 		    // convert the interface index to the object index
@@ -4536,12 +4555,21 @@
 			    tv = STACK_TV_BOT(-1);
 			    if (tv->v_type != VAR_OBJECT)
 			    {
+				SOURCING_LNUM = iptr->isn_lnum;
 				object_required_error(tv);
 				vim_free(pt);
 				goto on_error;
 			    }
 
 			    object_T *obj = tv->vval.v_object;
+			    if (obj == NULL)
+			    {
+				SOURCING_LNUM = iptr->isn_lnum;
+				emsg(_(e_using_null_object));
+				vim_free(pt);
+				goto on_error;
+			    }
+
 			    cl = obj->obj_class;
 			    // drop the value from the stack
 			    clear_tv(tv);