Mercurial > vim
changeset 18045:af0b4ffab794 v8.1.2018
patch 8.1.2018: using freed memory when out of memory and displaying message
Commit: https://github.com/vim/vim/commit/e5fbd7393067c279860598ac8359d1617b1082b9
Author: Bram Moolenaar <Bram@vim.org>
Date: Mon Sep 9 20:04:13 2019 +0200
patch 8.1.2018: using freed memory when out of memory and displaying message
Problem: Using freed memory when out of memory and displaying message.
Solution: Make a copy of the message first.
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Mon, 09 Sep 2019 20:15:03 +0200 |
parents | 062623edb7c8 |
children | 4b4c49dee5e6 |
files | src/main.c src/message.c src/normal.c src/version.c |
diffstat | 4 files changed, 24 insertions(+), 19 deletions(-) [+] |
line wrap: on
line diff
--- a/src/main.c +++ b/src/main.c @@ -1276,16 +1276,19 @@ main_loop( /* display message after redraw */ if (keep_msg != NULL) { - char_u *p; - - // msg_attr_keep() will set keep_msg to NULL, must free the - // string here. Don't reset keep_msg, msg_attr_keep() uses it - // to check for duplicates. Never put this message in history. - p = keep_msg; - msg_hist_off = TRUE; - msg_attr((char *)p, keep_msg_attr); - msg_hist_off = FALSE; - vim_free(p); + char_u *p = vim_strsave(keep_msg); + + if (p != NULL) + { + // msg_start() will set keep_msg to NULL, make a copy + // first. Don't reset keep_msg, msg_attr_keep() uses it to + // check for duplicates. Never put this message in + // history. + msg_hist_off = TRUE; + msg_attr((char *)p, keep_msg_attr); + msg_hist_off = FALSE; + vim_free(p); + } } if (need_fileinfo) /* show file info after redraw */ {
--- a/src/message.c +++ b/src/message.c @@ -168,11 +168,6 @@ msg_attr_keep( ch_log(NULL, "ERROR: %s", (char *)s); #endif - /* When displaying keep_msg, don't let msg_start() free it, caller must do - * that. */ - if ((char_u *)s == keep_msg) - keep_msg = NULL; - /* Truncate the message if needed. */ msg_start(); buf = msg_strtrunc((char_u *)s, FALSE);
--- a/src/normal.c +++ b/src/normal.c @@ -1182,12 +1182,17 @@ getcount: kmsg = keep_msg; keep_msg = NULL; - /* showmode() will clear keep_msg, but we want to use it anyway */ + // showmode() will clear keep_msg, but we want to use it anyway update_screen(0); - /* now reset it, otherwise it's put in the history again */ + // now reset it, otherwise it's put in the history again keep_msg = kmsg; - msg_attr((char *)kmsg, keep_msg_attr); - vim_free(kmsg); + + kmsg = vim_strsave(keep_msg); + if (kmsg != NULL) + { + msg_attr((char *)kmsg, keep_msg_attr); + vim_free(kmsg); + } } setcursor(); cursor_on();