To: vim_dev@googlegroups.com
Subject: Patch 9.0.1050
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------

Patch 9.0.1050
Problem:    Using freed memory when assigning to variable twice.
Solution:   Make copy of the list type. (closes #11691)
Files:      src/vim9type.c, src/testdir/test_vim9_script.vim


*** ../vim-9.0.1049/src/vim9type.c	2022-12-09 21:41:43.908327271 +0000
--- src/vim9type.c	2022-12-12 18:48:27.162653010 +0000
***************
*** 403,409 ****
  	if (l->lv_type != NULL && (l->lv_first == NULL
  					   || (flags & TVTT_MORE_SPECIFIC) == 0
  					   || l->lv_type->tt_member != &t_any))
! 	    return l->lv_type;
  	if (l->lv_first == &range_list_item)
  	    return &t_list_number;
  	if (l->lv_copyID == copyID)
--- 403,410 ----
  	if (l->lv_type != NULL && (l->lv_first == NULL
  					   || (flags & TVTT_MORE_SPECIFIC) == 0
  					   || l->lv_type->tt_member != &t_any))
! 	    // make a copy, lv_type may be freed if the list is freed
! 	    return copy_type(l->lv_type, type_gap);
  	if (l->lv_first == &range_list_item)
  	    return &t_list_number;
  	if (l->lv_copyID == copyID)
*** ../vim-9.0.1049/src/testdir/test_vim9_script.vim	2022-11-06 12:25:42.430836659 +0000
--- src/testdir/test_vim9_script.vim	2022-12-12 18:54:09.377728095 +0000
***************
*** 4519,4524 ****
--- 4519,4554 ----
    endif
  enddef
  
+ def Test_free_type_before_use()
+   # this rather complicated script was freeing a type before using it
+   var lines =<< trim END
+       vim9script
+ 
+       def Scan(rel: list<dict<any>>): func(func(dict<any>))
+         return (Emit: func(dict<any>)) => {
+           for t in rel
+             Emit(t)
+           endfor
+         }
+       enddef
+ 
+       def Build(Cont: func(func(dict<any>))): list<dict<any>>
+         var rel: list<dict<any>> = []
+         Cont((t) => {
+             add(rel, t)
+         })
+         return rel
+       enddef
+ 
+       var R = [{A: 0}]
+       var result = Scan(R)->Build()
+       result = Scan(R)->Build()
+ 
+       assert_equal(R, result)
+   END
+   v9.CheckScriptSuccess(lines)
+ enddef
+ 
  " Keep this last, it messes up highlighting.
  def Test_substitute_cmd()
    new
*** ../vim-9.0.1049/src/version.c	2022-12-12 13:47:37.463104765 +0000
--- src/version.c	2022-12-12 18:55:35.077558702 +0000
***************
*** 697,698 ****
--- 697,700 ----
  {   /* Add new patch number below this line */
+ /**/
+     1050,
  /**/

-- 
Facepalm statement #9: "Did you see, there is now even a hobbit book"

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///