changeset 28913:22f743798f84 v8.2.4979

patch 8.2.4979: accessing freed memory when line is flushed Commit: https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5 Author: Bram Moolenaar <Bram@vim.org> Date: Wed May 18 16:29:08 2022 +0100 patch 8.2.4979: accessing freed memory when line is flushed Problem: Accessing freed memory when line is flushed. Solution: Make a copy of the pattern to search for.
author Bram Moolenaar <Bram@vim.org>
date Wed, 18 May 2022 17:30:03 +0200
parents 2ca7719992c9
children 868e70a39d73
files src/testdir/test_tagjump.vim src/version.c src/window.c
diffstat 3 files changed, 18 insertions(+), 0 deletions(-) [+]
--- a/src/testdir/test_tagjump.vim
+++ b/src/testdir/test_tagjump.vim
@@ -1392,6 +1392,15 @@ func Test_macro_search()
   close!
 endfunc
 
+func Test_define_search()
+  " this was accessing freed memory
+  new
+  call setline(1, ['first line', '', '#define something 0'])
+  sil norm o0
+  sil! norm 
+  bwipe!
+endfunc
+
 " Test for [*, [/, ]* and ]/
 func Test_comment_search()
   new
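Review bot: `Test_define_search()` contains no assertion, so it can only catch a regression of this use-after-free when the suite runs under a memory checker such as valgrind or AddressSanitizer. The comment `" this was accessing freed memory` should say so, for example `" Used to access freed memory; only detected when run under valgrind or ASan.` The `sil! norm` line also shows no keys in this rendering, presumably because they are raw control characters. Writing it with `:execute` and key notation (`exe "sil! norm \<C-W>d"`, if CTRL-W d is the intended command) would keep the reproducer readable and protect it from whitespace stripping.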
--- a/src/version.c
+++ b/src/version.c
@@ -747,6 +747,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    4979,
+/**/
     4978,
 /**/
     4977,
--- a/src/window.c
+++ b/src/window.c
@@ -579,9 +579,16 @@ wingotofile:
 		CHECK_CMDWIN;
 		if ((len = find_ident_under_cursor(&ptr, FIND_IDENT)) == 0)
 		    break;
+
+		// Make a copy, if the line was changed it will be freed.
+		ptr = vim_strnsave(ptr, len);
+		if (ptr == NULL)
+		    break;
+
 		find_pattern_in_path(ptr, 0, len, TRUE,
 			Prenum == 0 ? TRUE : FALSE, type,
 			Prenum1, ACTION_SPLIT, (linenr_T)1, (linenr_T)MAXLNUM);
+		vim_free(ptr);
 		curwin->w_set_curswant = TRUE;
 		break;
 #endif
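Review bot: The new comment above the `vim_strnsave()` call says only that the line "will be freed", which leaves the reader to work out what `ptr` pointed at and which call invalidates it. Judging from the commit message, `find_ident_under_cursor()` returns a pointer into the current line buffer and `find_pattern_in_path()` can flush that line, so a fuller comment such as `// "ptr" points into the line buffer, which find_pattern_in_path() may flush and free; search with a private copy.` would record the lifetime rule. Reusing `ptr` for both the borrowed pointer and the owned copy also blurs who must free it; a separate local (for example `char_u *pat = vim_strnsave(ptr, len);`) would make the pairing with `vim_free()` obvious. The enclosing case starts above this hunk, so other uses of `ptr` there are not visible and should be checked for the same borrowed-pointer assumption.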