diff options
| author | Yegappan Lakshmanan <yegappan@yahoo.com> | 2024-01-12 17:21:55 +0100 |
|---|---|---|
| committer | Christian Brabandt <cb@256bit.org> | 2024-01-12 17:27:02 +0100 |
| commit | 28d71b566a29ceea3a2d05bcee9264ed5d630d42 (patch) | |
| tree | 33c4636d5b8adf94766f6be78042ef463cbd3c31 /src/testdir/test_vim9_script.vim | |
| parent | 71d0ba07a33a750e9834cd42b7acc619043dedb1 (diff) | |
patch 9.1.0017: [security]: use-after-free in eval1_emsg()v9.1.0017
Problem: use-after-free in eval1_emsg() when an empty
line follows a lambda (by @yu3s)
Solution: only set evalarg->eval_using_cmdline = FALSE when
the *arg pointer is not null
fixes: #13833
closes: #13841
Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src/testdir/test_vim9_script.vim')
| -rw-r--r-- | src/testdir/test_vim9_script.vim | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/src/testdir/test_vim9_script.vim b/src/testdir/test_vim9_script.vim index 7ae4d553e3..77b8831d45 100644 --- a/src/testdir/test_vim9_script.vim +++ b/src/testdir/test_vim9_script.vim @@ -4906,6 +4906,31 @@ def Test_for_stmt_space_before_type() v9.CheckSourceFailure(lines, 'E1059: No white space allowed before colon: :number in range(10)', 2) enddef +" This test used to cause an use-after-free memory access +def Test_for_empty_line_after_lambda() + var lines =<< trim END + vim9script + echomsg range(0, 2)->map((_, v) => { + return 1 + }) + + assert_equal('[1, 1, 1]', v:statusmsg) + END + v9.CheckSourceSuccess(lines) + + lines =<< trim END + vim9script + echomsg range(0, 1)->map((_, v) => { + return 1 + }) range(0, 1)->map((_, v) => { + return 2 + }) # comment + + assert_equal('[1, 1] [2, 2]', v:statusmsg) + END + v9.CheckSourceSuccess(lines) +enddef + " Keep this last, it messes up highlighting. def Test_substitute_cmd() new |