To: vim_dev@googlegroups.com Subject: Patch 8.2.0513 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.0513 Problem: Reading past allocated memory when using varargs. Solution: Fix copying function argument types. Files: src/vim9compile.c *** ../vim-8.2.0512/src/vim9compile.c 2020-04-05 17:07:59.414556253 +0200 --- src/vim9compile.c 2020-04-05 18:16:28.597491907 +0200 *************** *** 353,359 **** } /* ! * For a function type, reserve space for "argcount" argument types. */ static int func_type_add_arg_types( --- 353,360 ---- } /* ! * For a function type, reserve space for "argcount" argument types (including ! * vararg). */ static int func_type_add_arg_types( *************** *** 5823,5838 **** } { ! int argcount = ufunc->uf_args.ga_len ! + (ufunc->uf_va_name == NULL ? 0 : 1); // Create a type for the function, with the return type and any // argument types. ! ufunc->uf_func_type = get_func_type(ufunc->uf_ret_type, argcount, ! &ufunc->uf_type_list); ! if (argcount > 0) { ! if (func_type_add_arg_types(ufunc->uf_func_type, argcount, argcount - ufunc->uf_def_args.ga_len, &ufunc->uf_type_list) == FAIL) { --- 5824,5842 ---- } { ! int varargs = ufunc->uf_va_name != NULL; ! int argcount = ufunc->uf_args.ga_len - (varargs ? 1 : 0); // Create a type for the function, with the return type and any // argument types. ! // A vararg is included in uf_args.ga_len but not in uf_arg_types. ! // The type is included in "tt_args". ! ufunc->uf_func_type = get_func_type(ufunc->uf_ret_type, ! ufunc->uf_args.ga_len, &ufunc->uf_type_list); ! if (ufunc->uf_args.ga_len > 0) { ! if (func_type_add_arg_types(ufunc->uf_func_type, ! 
ufunc->uf_args.ga_len, argcount - ufunc->uf_def_args.ga_len, &ufunc->uf_type_list) == FAIL) { *************** *** 5850,5855 **** --- 5854,5862 ---- else mch_memmove(ufunc->uf_func_type->tt_args, ufunc->uf_arg_types, sizeof(type_T *) * argcount); + if (varargs) + ufunc->uf_func_type->tt_args[argcount] = + ufunc->uf_va_type == NULL ? &t_any : ufunc->uf_va_type; } } *** ../vim-8.2.0512/src/version.c 2020-04-05 17:07:59.418556237 +0200 --- src/version.c 2020-04-05 18:20:27.448626474 +0200 *************** *** 740,741 **** --- 740,743 ---- { /* Add new patch number below this line */ + /**/ + 513, /**/ -- Every person is responsible for the choices he makes. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
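Review bot: In the `*** 5823,5838 ****` hunk the result of `get_func_type()` is stored in `ufunc->uf_func_type` and passed straight to `func_type_add_arg_types()` with no check in between. `get_func_type()` is not shown on this page, so confirm what it returns when allocation fails; if that can be NULL, add `if (ufunc->uf_func_type == NULL)` before the `if (ufunc->uf_args.ga_len > 0)` test and take the same failure path as the `== FAIL` branch. Separately, `argcount` now counts the arguments without the vararg while `ufunc->uf_args.ga_len` is the total, and both appear in the same call. A name such as `fixed_argcount`, or a comment `// argcount excludes the vararg` on its declaration, would make the difference visible where the values are used. The block opened by `== FAIL) {` continues past the end of the hunk.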
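Review bot: The added store to `tt_args[argcount]` in the `*** 5850,5855 ****` hunk is in bounds only because the array was sized with `ufunc->uf_args.ga_len` and `argcount` is one less than that when `varargs` is set, and nothing at the store says so. A comment such as `// tt_args has uf_args.ga_len entries; the vararg type goes in the last one` would keep the two counts from drifting apart again. The `mch_memmove()` just above likewise depends on `uf_arg_types` holding at least `argcount` entries, which is the condition this patch corrects. The Files list names only src/vim9compile.c, so a regression test that defines a function with a vararg and runs under a memory checker would pin the fix. The `else` this code follows belongs to an `if` that starts outside the hunk.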