From 745b938a48104778dcb7b0245e6589b54cb93593 Mon Sep 17 00:00:00 2001 From: Bram Moolenaar Date: Thu, 27 Jan 2022 13:55:35 +0000 Subject: [PATCH] patch 8.2.4229: possible crash when invoking timer callback fails Problem: Possible crash when invoking timer callback fails. Solution: Initialize the typval. Give an error for an empty callback. (closes #9636) --- src/testdir/test_vim9_builtin.vim | 2 ++ src/time.c | 8 ++++++++ src/version.c | 2 ++ 3 files changed, 12 insertions(+) diff --git a/src/testdir/test_vim9_builtin.vim b/src/testdir/test_vim9_builtin.vim index a00133f14c..45d212cf05 100644 --- a/src/testdir/test_vim9_builtin.vim +++ b/src/testdir/test_vim9_builtin.vim @@ -4132,6 +4132,8 @@ enddef def Test_timer_start() CheckDefAndScriptFailure(['timer_start("a", "1")'], ['E1013: Argument 1: type mismatch, expected number but got string', 'E1210: Number required for argument 1']) CheckDefAndScriptFailure(['timer_start(1, "1", [1])'], ['E1013: Argument 3: type mismatch, expected dict but got list', 'E1206: Dictionary required for argument 3']) + CheckDefExecAndScriptFailure(['timer_start(100, 0)'], 'E921:') + CheckDefExecAndScriptFailure(['timer_start(100, "")'], 'E921:') enddef def Test_timer_stop() diff --git a/src/time.c b/src/time.c index 78e20eb13c..00275ef665 100644 --- a/src/time.c +++ b/src/time.c @@ -481,6 +481,7 @@ timer_callback(timer_T *timer) argv[0].vval.v_number = (varnumber_T)timer->tr_id; argv[1].v_type = VAR_UNKNOWN; + rettv.v_type = VAR_UNKNOWN; call_callback(&timer->tr_callback, -1, &rettv, 1, argv); clear_tv(&rettv); } @@ -854,6 +855,13 @@ f_timer_start(typval_T *argvars, typval_T *rettv) callback = get_callback(&argvars[1]); if (callback.cb_name == NULL) return; + if (in_vim9script() && *callback.cb_name == NUL) + { + // empty callback is not useful for a timer + emsg(_(e_invalid_callback_argument)); + free_callback(&callback); + return; + } timer = create_timer(msec, repeat); if (timer == NULL) diff --git a/src/version.c b/src/version.c index e3a97154a9..c8b0ce15e4 100644 --- a/src/version.c +++ b/src/version.c @@ -750,6 +750,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 4229, /**/ 4228, /**/