patch 8.1.1485: double free when garbage_collect() is used in autocommand

Problem:    Double free when garbage_collect() is used in autocommand.
Solution:   Have garbage collection also set the copyID in funccal_stack.
Bram Moolenaar
2019-06-06 19:03:17 +02:00
parent 75ee544f99
commit c07f67ad0e
3 changed files with 14 additions and 6 deletions


@ -430,12 +430,11 @@ eval_clear(void)
vim_free(SCRIPT_SV(i));
ga_clear(&ga_scripts);
// functions need to be freed before gargabe collecting, otherwise local
// variables might be freed twice.
free_all_functions();
// unreferenced lists and dicts
(void)garbage_collect(FALSE);
// functions not garbage collected
free_all_functions();
}
#endif
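Review bot: The comment kept with the relocated `free_all_functions()` call, `// functions not garbage collected`, does not say why it is now safe for `garbage_collect(FALSE)` to run first, although the comment that appears to have been removed warned that this order could free local variables twice. The order decides whether memory is freed once or twice at exit, and it presumably relies on set_ref_in_call_stack() now also marking items reachable through funccal_stack. If that is the reason, I would record it next to the call, for example `// Safe after garbage_collect(): set_ref_in_call_stack() also marks funccal_stack, so nothing is freed twice.` eval_clear() starts above the hunk, so the earlier cleanup steps are not visible here.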


@ -4030,11 +4030,18 @@ set_ref_in_funccal(funccall_T *fc, int copyID)
int
set_ref_in_call_stack(int copyID)
{
int abort = FALSE;
funccall_T *fc;
int abort = FALSE;
funccall_T *fc;
funccal_entry_T *entry;
for (fc = current_funccal; fc != NULL; fc = fc->caller)
abort = abort || set_ref_in_funccal(fc, copyID);
// Also go through the funccal_stack.
for (entry = funccal_stack; entry != NULL; entry = entry->next)
for (fc = entry->top_funccal; fc != NULL; fc = fc->caller)
abort = abort || set_ref_in_funccal(fc, copyID);
return abort;
}
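Review bot: Both loops in set_ref_in_call_stack() keep walking after `abort` becomes TRUE, and because of the `abort || …` short-circuit every later frame is then skipped without being marked. That is only safe if the caller frees nothing when this function returns TRUE, which this hunk does not show; an unmarked frame that was swept anyway would be the same double-free class this patch addresses. If TRUE does mean that marking was given up, I would state the contract above the function, e.g. `// Returns TRUE when marking was aborted; frames may be left unmarked and the caller must not free anything.` The diffstat lists three changed files and none of the sections shown is a test, so a regression test that runs garbage_collect() from an autocommand seems to be missing.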


@ -767,6 +767,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
1485,
/**/
1484,
/**/