Ozaki Kiichi wrote: > Simply reproducable sample: > > test.vim > > ``` > try > throw 'excp' > catch > " > endtry > > fu! TimerFunc(...) > echoerr 'oops' > endfu > > call timer_start(1, 'TimerFunc') > ``` > > vim -Nu test.vim > > cause: > > At finishing above try-catch-endtry, "current_exception" has directed a > dangling pointer (already freed). > Therefore, after emsg() is called in timer-callback, "current_exception" is > double-freed. > (at discard_current_exception() in check_due_timer(), ex_cmds2.c:L1239) > > details: > > * ex_throw() -> throw_exception() sets current_exception (ex_eval.c:L575) > * ex_catch() sets did_throw to FALSE > * ex_endtry() -> cleanup_conditionals() -> finish_exception() -> > discard_exception() frees cstack->cs_exception[idx] (== current_exception) > * but, did_throw is already FALSE, discard_current_exception() is not called > from anyone (except check_due_timer()). > * thus current_exception is not cleanup and keeps freed pointer.
Thanks, that helps a lot to check what happens and verify the fix. It doesn't work in a test, since those are run inside a try/catch. The solution is to check whether did_throw is set. I will also clear current_exception in places where it should no longer be used. -- Never eat yellow snow. /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org /// -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
