changeset 9250:d82724272c61 v7.4.1908

commit https://github.com/vim/vim/commit/5ce4a0b96ab688b1ea2481c2516e2889ff6713bf Author: Bram Moolenaar <Bram@vim.org> Date: Wed Jun 8 20:17:23 2016 +0200 patch 7.4.1908 Problem: Netbeans uses uninitialized pointer and freed memory. Solution: Set "buffer" at the right place (hint by Ken Takata)
author Christian Brabandt <cb@256bit.org>
date Wed, 08 Jun 2016 20:30:06 +0200
parents 1df574290be4
children fb1ca4d846d3
files src/netbeans.c src/version.c
diffstat 2 files changed, 28 insertions(+), 23 deletions(-) [+]
--- a/src/netbeans.c
+++ b/src/netbeans.c
@@ -393,7 +393,7 @@ netbeans_parse_messages(void)
 	if (node == NULL)
 	    break;	/* nothing to read */
 
-	/* Locate the first line in the first buffer. */
+	/* Locate the end of the first line in the first buffer. */
 	p = channel_first_nl(node);
 	if (p == NULL)
 	{
@@ -402,32 +402,35 @@ netbeans_parse_messages(void)
 	     * prepend the text to that buffer and delete this one.  */
 	    if (channel_collapse(nb_channel, PART_SOCK, TRUE) == FAIL)
 		return;
+	    continue;
+	}
+
+	/* There is a complete command at the start of the buffer.
+	 * Terminate it with a NUL.  When no more text is following unlink
+	 * the buffer.  Do this before executing, because new buffers can
+	 * be added while busy handling the command. */
+	*p++ = NUL;
+	if (*p == NUL)
+	{
+	    own_node = TRUE;
+	    buffer = channel_get(nb_channel, PART_SOCK);
+	    /* "node" is now invalid! */
 	}
 	else
 	{
-	    /* There is a complete command at the start of the buffer.
-	     * Terminate it with a NUL.  When no more text is following unlink
-	     * the buffer.  Do this before executing, because new buffers can
-	     * be added while busy handling the command. */
-	    *p++ = NUL;
-	    if (*p == NUL)
-	    {
-		own_node = TRUE;
-		channel_get(nb_channel, PART_SOCK);
-	    }
-	    else
-		own_node = FALSE;
-
-	    /* now, parse and execute the commands */
-	    nb_parse_cmd(node->rq_buffer);
-
-	    if (own_node)
-		/* buffer finished, dispose of it */
-		vim_free(node->rq_buffer);
-	    else
-		/* more follows, move it to the start */
-		channel_consume(nb_channel, PART_SOCK, (int)(p - buffer));
+	    own_node = FALSE;
+	    buffer = node->rq_buffer;
 	}
+
+	/* now, parse and execute the commands */
+	nb_parse_cmd(buffer);
+
+	if (own_node)
+	    /* buffer finished, dispose of it */
+	    vim_free(buffer);
+	else
+	    /* more follows, move it to the start */
+	    channel_consume(nb_channel, PART_SOCK, (int)(p - buffer));
     }
 }
 
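Review bot: In the `else` branch `buffer` is `node->rq_buffer`, which stays linked in the channel queue while `nb_parse_cmd(buffer)` runs, so this path can still end up with a stale pointer if handling the command frees or collapses the queue head or closes the connection. `nb_parse_cmd` is not visible here, so this is inferred from the comment that new buffers can be added while busy handling the command. The trailing call should at least be guarded, `else if (nb_channel != NULL)`, before `channel_consume(nb_channel, PART_SOCK, (int)(p - buffer));`. The result of `channel_get()` is also used unchecked; if it can return NULL, a guard such as `if (buffer == NULL) return;` before `nb_parse_cmd(buffer)` would cover it. The enclosing loop and the declarations of `buffer`, `node` and `own_node` start outside the hunk.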
--- a/src/version.c
+++ b/src/version.c
@@ -754,6 +754,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1908,
+/**/
     1907,
 /**/
     1906,