patch 9.1.1400: [security]: use-after-free when evaluating tuple fails

Problem:  [security]: use-after-free when evaluating tuple fails
Solution: return early in case of an error (Yegappan Lakshmanan)

closes: #17351

Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

src/eval.c

@@ -5000,6 +5000,8 @@ eval9_nested_expr(
 	else
 	{
 	    ret = eval1(arg, rettv, evalarg);	// recursive!
+	    if (ret != OK)
+		return ret;
 
 	    *arg = skipwhite_and_linebreak(*arg, evalarg);
 

src/testdir/test_tuple.vim

@@ -1575,6 +1575,17 @@ func Test_try_finally_with_tuple_return()
   call v9.CheckSourceSuccess(lines)
 endfunc
 
+" Test for evaluating a recursive tuple that results in an error
+func Test_recursive_tuple_eval_fails()
+  let lines =<< trim END
+    call assert_fails(((((((((((((((('tag xyz', func2(pat, flags, infn)
+  END
+  call v9.CheckSourceLegacyAndVim9Failure(lines, [
+        \ 'E121: Undefined variable: pat',
+        \ 'E1001: Variable not found: pat',
+        \ 'E121: Undefined variable: pat'])
+endfunc
+
 " Test for add() with a tuple
 func Test_tuple_add()
   let lines =<< trim END

src/version.c

@@ -709,6 +709,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1400,
 /**/
     1399,
 /**/