patch 9.1.0688: Vim9: dereferences NULL pointer in check_type_is_value()

chrisbra · chrisbra · commit 25618fc9eacc · 2024-08-22T21:25:18.000+02:00
Problem:  Vim9: dereferences NULL pointer in check_type_is_value()
          (Suyue Guo)
Solution: Verify that the pointer is not Null

fixes: #15540
closes: #15545

Signed-off-by: Christian Brabandt &lt;cb@256bit.org&gt;
diff --git a/src/testdir/test_vim9_cmd.vim b/src/testdir/test_vim9_cmd.vim
@@ -2036,6 +2036,14 @@ def Test_no_space_after_command()
   v9.CheckDefExecAndScriptFailure(lines, 'E486:', 1)
 enddef
 
+def Test_lambda_crash()
+  # This used to crash Vim
+  var lines =<< trim END
+    vim9 () => super      => {
+  END
+  v9.CheckScriptFailureList(lines, ["E1356:", "E1405:"])
+enddef
+
 " Test for the 'previewpopup' option
 def Test_previewpopup()
   set previewpopup=height:10,width:60
@@ -2044,6 +2052,7 @@ def Test_previewpopup()
   assert_notequal(id, 0)
   assert_match('Xppfile', popup_getoptions(id).title)
   popup_clear()
+  bw Xppfile
   set previewpopup&
 enddef
 
diff --git a/src/version.c b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    688,
 /**/
     687,
 /**/
diff --git a/src/vim9type.c b/src/vim9type.c
@@ -2138,12 +2138,13 @@ check_type_is_value(type_T *type)
     switch (type->tt_type)
     {
 	case VAR_CLASS:
-	    if (IS_ENUM(type->tt_class))
+	    if (type->tt_class != NULL && IS_ENUM(type->tt_class))
 		semsg(_(e_using_enum_as_value_str),
 			type->tt_class->class_name);
 	    else
 		semsg(_(e_using_class_as_value_str),
-			type->tt_class->class_name);
+			type->tt_class == NULL ? (char_u *)""
+			: type->tt_class->class_name);
 	    return FAIL;
 
 	case VAR_TYPEALIAS:
