To: vim_dev@googlegroups.com Subject: Patch 8.1.1485 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.1.1485 Problem: Double free when garbage_collect() is used in autocommand. Solution: Have garbage collection also set the copyID in funccal_stack. Files: src/eval.c, src/userfunc.c *** ../vim-8.1.1484/src/eval.c 2019-06-06 18:05:19.238273419 +0200 --- src/eval.c 2019-06-06 18:42:56.488165150 +0200 *************** *** 430,441 **** vim_free(SCRIPT_SV(i)); ga_clear(&ga_scripts); - // functions need to be freed before gargabe collecting, otherwise local - // variables might be freed twice. - free_all_functions(); - // unreferenced lists and dicts (void)garbage_collect(FALSE); } #endif --- 430,440 ---- vim_free(SCRIPT_SV(i)); ga_clear(&ga_scripts); // unreferenced lists and dicts (void)garbage_collect(FALSE); + + // functions not garbage collected + free_all_functions(); } #endif *** ../vim-8.1.1484/src/userfunc.c 2019-06-01 13:28:30.269829512 +0200 --- src/userfunc.c 2019-06-06 18:57:47.970625188 +0200 *************** *** 4030,4040 **** int set_ref_in_call_stack(int copyID) { ! int abort = FALSE; ! funccall_T *fc; for (fc = current_funccal; fc != NULL; fc = fc->caller) abort = abort || set_ref_in_funccal(fc, copyID); return abort; } --- 4030,4047 ---- int set_ref_in_call_stack(int copyID) { ! int abort = FALSE; ! funccall_T *fc; ! funccal_entry_T *entry; for (fc = current_funccal; fc != NULL; fc = fc->caller) abort = abort || set_ref_in_funccal(fc, copyID); + + // Also go through the funccal_stack. + for (entry = funccal_stack; entry != NULL; entry = entry->next) + for (fc = entry->top_funccal; fc != NULL; fc = fc->caller) + abort = abort || set_ref_in_funccal(fc, copyID); + return abort; } *** ../vim-8.1.1484/src/version.c 2019-06-06 18:05:19.238273419 +0200 --- src/version.c 2019-06-06 18:59:31.333985583 +0200 *************** *** 769,770 **** --- 769,772 ---- { /* Add new patch number below this line */ + /**/ + 1485, /**/ -- To be rich is not the end, but only a change of worries. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///