changeset 21070:87e85a13e9cf v8.2.1086
patch 8.2.1086: possibly using freed memory when text properties used
Commit: https://github.com/vim/vim/commit/cf30643ae607ae1a97b50e19c622dc8303723fa2
Author: Bram Moolenaar <Bram@vim.org>
Date: Mon Jun 29 20:40:37 2020 +0200
patch 8.2.1086: possibly using freed memory when text properties used
Problem: Possibly using freed memory when text properties used when
changing indent of a line.
Solution: Compute the offset before calling ml_replace().
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Mon, 29 Jun 2020 20:45:04 +0200 |
parents | bb3674ff2c25 |
children | 80ed45189526 |
files | src/indent.c src/version.c |
diffstat | 2 files changed, 12 insertions(+), 6 deletions(-) [+] |
--- a/src/indent.c
+++ b/src/indent.c
@@ -757,6 +757,10 @@ set_indent(
 // Replace the line (unless undo fails).
 if (!(flags & SIN_UNDO) || u_savesub(curwin->w_cursor.lnum) == OK)
 {
+ colnr_T old_offset = (colnr_T)(p - oldline);
+ colnr_T new_offset = (colnr_T)(s - newline);
+
+ // this may free "newline"
 ml_replace(curwin->w_cursor.lnum, newline, FALSE);
 if (flags & SIN_CHANGED)
 changed_bytes(curwin->w_cursor.lnum, 0);
@@ -764,24 +768,24 @@ set_indent(
 // Correct saved cursor position if it is in this line.
 if (saved_cursor.lnum == curwin->w_cursor.lnum)
 {
- if (saved_cursor.col >= (colnr_T)(p - oldline))
+ if (saved_cursor.col >= old_offset)
 // cursor was after the indent, adjust for the number of
 // bytes added/removed
- saved_cursor.col += ind_len - (colnr_T)(p - oldline);
- else if (saved_cursor.col >= (colnr_T)(s - newline))
+ saved_cursor.col += ind_len - old_offset;
+ else if (saved_cursor.col >= new_offset)
 // cursor was in the indent, and is now after it, put it back
 // at the start of the indent (replacing spaces with TAB)
- saved_cursor.col = (colnr_T)(s - newline);
+ saved_cursor.col = new_offset;
 }
 #ifdef FEAT_PROP_POPUP
 {
- int added = ind_len - (colnr_T)(p - oldline);
+ int added = ind_len - old_offset;
 // When increasing indent this behaves like spaces were inserted at
 // the old indent, when decreasing indent it behaves like spaces
 // were deleted at the new indent.
 adjust_prop_columns(curwin->w_cursor.lnum,
- (colnr_T)(added > 0 ? (p - oldline) : ind_len), added, 0);
+ added > 0 ? old_offset : (colnr_T)ind_len, added, 0);
 }
 #endif
 retval = TRUE;
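Review bot: The added comment `// this may free "newline"` in the first hunk covers only half of what is hoisted: `old_offset` is computed early as well, so `oldline` (and `p`, which `p - oldline` suggests points into it) is presumably also unsafe to use once ml_replace() has run, yet nothing says so. I would word it as `// ml_replace() may free "newline" and invalidate "oldline"; use only the offsets computed above from here on`, after confirming where `oldline` is assigned, since that lies outside the hunk. `p`, `s`, `oldline` and `newline` stay in scope for the rest of set_indent(), which continues past the second hunk, so a later edit could reintroduce the stale-pointer arithmetic that the second hunk removes from the cursor and text-property adjustments. The files list shows only src/indent.c and src/version.c, so no regression test accompanies the fix; a case that changes the indent of a line carrying text properties, run under a memory checker, would pin it.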