Mercurial > vim

changeset 34372:d8c69a773456 v9.1.0115

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.1.0115: Using freed memory with full tag stack and user data Commit: https://github.com/vim/vim/commit/c86bff1771ed9c340f8f4433ae5530fd6de97980 Author: zeertzjq <zeertzjq@outlook.com> Date: Sun Feb 18 18:53:08 2024 +0100 patch 9.1.0115: Using freed memory with full tag stack and user data Problem: Using freed memory with full tag stack and user data (Konstantin Khlebnikov) Solution: Clear the user data pointer of the newest entry. (zeertzjq, Konstantin Khlebnikov) fixes: neovim/neovim#27498 closes: #14053 Co-authored-by: Konstantin Khlebnikov koct9i@gmail.com Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Konstantin Khlebnikov koct9i@gmail.com Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Sun, 18 Feb 2024 19:00:03 +0100
parents 893d9f64c87b
children ceb48e87f5c0
files runtime/doc/testing.txt src/tag.c src/testdir/test_tagjump.vim src/version.c
diffstat 4 files changed, 26 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/runtime/doc/testing.txt
+++ b/runtime/doc/testing.txt
@@ -1,4 +1,4 @@
-*testing.txt*	For Vim version 9.1.  Last change: 2024 Jan 23
+*testing.txt*	For Vim version 9.1.  Last change: 2024 Feb 18
 
 
 		  VIM REFERENCE MANUAL	  by Bram Moolenaar
--- a/src/tag.c
+++ b/src/tag.c
@@ -395,7 +395,7 @@ do_tag(
 		    tagstack_clear_entry(&tagstack[0]);
 		    for (i = 1; i < tagstacklen; ++i)
 			tagstack[i - 1] = tagstack[i];
-		    --tagstackidx;
+		    tagstack[--tagstackidx].user_data = NULL;
 		}
 
 		/*
--- a/src/testdir/test_tagjump.vim
+++ b/src/testdir/test_tagjump.vim
@@ -900,18 +900,33 @@ func Test_tag_stack()
   endfor
   call writefile(l, 'Xfoo', 'D')
 
+  enew
   " Jump to a tag when the tag stack is full. Oldest entry should be removed.
-  enew
   for i in range(10, 30)
     exe "tag var" .. i
   endfor
-  let l = gettagstack()
-  call assert_equal(20, l.length)
-  call assert_equal('var11', l.items[0].tagname)
+  let t = gettagstack()
+  call assert_equal(20, t.length)
+  call assert_equal('var11', t.items[0].tagname)
+  let full = deepcopy(t.items)
   tag var31
-  let l = gettagstack()
-  call assert_equal('var12', l.items[0].tagname)
-  call assert_equal('var31', l.items[19].tagname)
+  let t = gettagstack()
+  call assert_equal('var12', t.items[0].tagname)
+  call assert_equal('var31', t.items[19].tagname)
+
+  " Jump to a tag when the tag stack is full, but with user data this time.
+  call foreach(full, {i, item -> extend(item, {'user_data': $'udata{i}'})})
+  call settagstack(0, {'items': full})
+  let t = gettagstack()
+  call assert_equal(20, t.length)
+  call assert_equal('var11', t.items[0].tagname)
+  call assert_equal('udata0', t.items[0].user_data)
+  tag var31
+  let t = gettagstack()
+  call assert_equal('var12', t.items[0].tagname)
+  call assert_equal('udata1', t.items[0].user_data)
+  call assert_equal('var31', t.items[19].tagname)
+  call assert_false(has_key(t.items[19], 'user_data'))
 
   " Use tnext with a single match
   call assert_fails('tnext', 'E427:')
--- a/src/version.c
+++ b/src/version.c
@@ -705,6 +705,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    115,
+/**/
     114,
 /**/
     113,