Mercurial > vim
changeset 10367:4e4e116e3689 v8.0.0078
commit https://github.com/vim/vim/commit/63bed3d319b5d90765dbdae93a3579b6322d79fb
Author: Bram Moolenaar <Bram@vim.org>
Date: Sat Nov 12 15:36:54 2016 +0100
patch 8.0.0078
Problem: Accessing freed memory in quickfix.
Solution: Reset pointer when freeing 'errorformat'. (Domenique Pelle)
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Sat, 12 Nov 2016 15:45:04 +0100 |
| parents | cedf99a9a1b1 |
| children | 5af80d389b65 |
| files | src/quickfix.c src/testdir/test_quickfix.vim src/version.c |
| diffstat | 3 files changed, 15 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/quickfix.c +++ b/src/quickfix.c @@ -114,6 +114,8 @@ struct efm_S int conthere; /* %> used */ }; +static efm_T *fmt_start = NULL; /* cached across qf_parse_line() calls */ + static int qf_init_ext(qf_info_T *qi, char_u *efile, buf_T *buf, typval_T *tv, char_u *errorformat, int newlist, linenr_T lnumfirst, linenr_T lnumlast, char_u *qf_title); static void qf_store_title(qf_info_T *qi, char_u *title); static void qf_new_list(qf_info_T *qi, char_u *qf_title); @@ -389,6 +391,7 @@ free_efm_list(efm_T **efm_first) vim_regfree(efm_ptr->prog); vim_free(efm_ptr); } + fmt_start = NULL; } /* Parse 'errorformat' option */ @@ -786,7 +789,6 @@ qf_parse_line( qffields_T *fields) { efm_T *fmt_ptr; - static efm_T *fmt_start = NULL; /* cached across calls */ char_u *ptr; int len; int i;
--- a/src/testdir/test_quickfix.vim +++ b/src/testdir/test_quickfix.vim @@ -1648,3 +1648,13 @@ function! Test_Autocmd_Exception() set efm&vim endfunction + +function Test_caddbuffer() + " This used to cause a memory access in freed memory + let save_efm = &efm + set efm=%EEEE%m,%WWWW,%+CCCC%>%#,%GGGG%.# + cgetexpr ['WWWW', 'EEEE', 'CCCC'] + let &efm = save_efm + cad + bwipe! +endfunc