patch 8.2.3771: Vim9: accessing freed memory when checking type Problem: Vim9: accessing freed memory when checking type. Solution: Make a copy of a function type.

commit: dd297bc11d2793ba61638972778c57f2da14e8b5 [log] [tgz]
author: Bram Moolenaar <Bram@vim.org> Fri Dec 10 10:37:38 2021 +0000
committer: Bram Moolenaar <Bram@vim.org> Fri Dec 10 10:37:38 2021 +0000
tree: fb7546a0a0274769ebc31001403383467c9d6e81
parent: dee78e1ce857985c06ff18e20daeadfe1622b8ae [diff] [blame]
diff --git a/src/evalvars.c b/src/evalvars.c
index 60df723..d91ec01 100644
--- a/src/evalvars.c
+++ b/src/evalvars.c

@@ -3291,6 +3291,7 @@
     int		vim9script = in_vim9script();
     int		var_in_vim9script;
     int		flags = flags_arg;
+    int		free_tv_arg = !copy;  // free tv_arg if not used
 
     ht = find_var_ht(name, &varname);
     if (ht == NULL || *varname == NUL)
@@ -3545,6 +3546,7 @@
 	dest_tv->v_lock = 0;
 	init_tv(tv);
     }
+    free_tv_arg = FALSE;
 
     if (vim9script && type != NULL)
     {
@@ -3573,10 +3575,9 @@
 	// if the reference count is up to one.  That locks only literal
 	// values.
 	item_lock(dest_tv, DICT_MAXNEST, TRUE, TRUE);
-    return;
 
 failed:
-    if (!copy)
+    if (free_tv_arg)
 	clear_tv(tv_arg);
 }
commit	dd297bc11d2793ba61638972778c57f2da14e8b5	[log] [tgz]
author	Bram Moolenaar <Bram@vim.org>	Fri Dec 10 10:37:38 2021 +0000
committer	Bram Moolenaar <Bram@vim.org>	Fri Dec 10 10:37:38 2021 +0000
tree	fb7546a0a0274769ebc31001403383467c9d6e81
parent	dee78e1ce857985c06ff18e20daeadfe1622b8ae [diff] [blame]