changeset 28913:22f743798f84 v8.2.4979
patch 8.2.4979: accessing freed memory when line is flushed
Commit: https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5
Author: Bram Moolenaar <Bram@vim.org>
Date: Wed May 18 16:29:08 2022 +0100
patch 8.2.4979: accessing freed memory when line is flushed
Problem: Accessing freed memory when line is flushed.
Solution: Make a copy of the pattern to search for.
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Wed, 18 May 2022 17:30:03 +0200 |
parents | 2ca7719992c9 |
children | 868e70a39d73 |
files | src/testdir/test_tagjump.vim src/version.c src/window.c |
diffstat | 3 files changed, 18 insertions(+), 0 deletions(-) [+] |
--- a/src/testdir/test_tagjump.vim +++ b/src/testdir/test_tagjump.vim @@ -1392,6 +1392,15 @@ func Test_macro_search() close! endfunc +func Test_define_search() + " this was accessing freed memory + new + call setline(1, ['first line', '', '#define something 0']) + sil norm o0 + sil! norm + bwipe! +endfunc + " Test for [*, [/, ]* and ]/ func Test_comment_search() new
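Review bot: Test_define_search() contains no assertion, so it fails only when the suite runs under a memory checker such as ASan or Valgrind, or when the stale read happens to crash; on a plain build a regression would likely pass unnoticed. A comment stating that would help the next maintainer, e.g. `" no assert: the use-after-free is only reported under ASan/Valgrind`. The second `norm` command appears to have lost its argument in this rendering (presumably a control character), so the key sequence that triggers the search cannot be confirmed from the page.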
--- a/src/version.c +++ b/src/version.c @@ -747,6 +747,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 4979, +/**/ 4978, /**/ 4977,
--- a/src/window.c +++ b/src/window.c @@ -579,9 +579,16 @@ wingotofile: CHECK_CMDWIN; if ((len = find_ident_under_cursor(&ptr, FIND_IDENT)) == 0) break; + + // Make a copy, if the line was changed it will be freed. + ptr = vim_strnsave(ptr, len); + if (ptr == NULL) + break; + find_pattern_in_path(ptr, 0, len, TRUE, Prenum == 0 ? TRUE : FALSE, type, Prenum1, ACTION_SPLIT, (linenr_T)1, (linenr_T)MAXLNUM); + vim_free(ptr); curwin->w_set_curswant = TRUE; break; #endif
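Review bot: The copy protects this call site only; any other caller that passes the pointer from `find_ident_under_cursor()` straight into `find_pattern_in_path()` would have the same lifetime problem, and none of those are visible in this hunk, so they are worth auditing with this fix. The new comment could say what `ptr` aliases, assuming (as the commit message implies) that it points into the current line's buffer: `// ptr points into the current line, which is freed if the line is flushed during the search; search with a copy.` Freeing the copy right after the call is correct only if `find_pattern_in_path()` does not keep the pointer, which cannot be checked from here. The enclosing case body under `wingotofile:` starts and ends outside the hunk.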