From 6701abfb522ec1d2ac18a04495ea874b94496ca6 Mon Sep 17 00:00:00 2001 From: Christian Brabandt Date: Sun, 19 Nov 2023 10:52:50 +0100 Subject: patch 9.0.2115: crash when callback function aborts because of recursiveness Problem: crash when callback function aborts because of recursiveness Solution: correctly initialize rettv Initialize rettv in invoke_popup_callback() Since v9.0.2030, call_callback may exit early when the callback recurses too much. This meant that call_func, which would set rettv->v_type = VAR_UNKNOWN, was not being called. Without rettv->v_type being explicitly set, it still contained whatever garbage was used to initialize the stack value in invoke_popup_callback. This would lead to possible crashes when calling clear_tv(&rettv). Rather than rely on action at a distance, explicitly initialize rettv's type to VAR_UNKNOWN so clear_tv can tell nothing needs to be done. closes: #13495 closes: #13545 Signed-off-by: James McCoy Signed-off-by: Christian Brabandt --- src/popupwin.c | 2 ++ src/version.c | 2 ++ 2 files changed, 4 insertions(+) (limited to 'src') diff --git a/src/popupwin.c b/src/popupwin.c index de604858c4..64bb0b5be8 100644 --- a/src/popupwin.c +++ b/src/popupwin.c @@ -2382,6 +2382,8 @@ invoke_popup_callback(win_T *wp, typval_T *result) typval_T rettv; typval_T argv[3]; + rettv.v_type = VAR_UNKNOWN; + argv[0].v_type = VAR_NUMBER; argv[0].vval.v_number = (varnumber_T)wp->w_id; diff --git a/src/version.c b/src/version.c index 2a0a6e77dd..5dbfc5d083 100644 --- a/src/version.c +++ b/src/version.c @@ -704,6 +704,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 2115, /**/ 2114, /**/ -- cgit v1.2.3