Mercurial > vim

comparison src/register.c @ 26380:ac0e63cbf00b v8.2.3721

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.3721: using memory freed by losing the clipboard selection Commit: https://github.com/vim/vim/commit/9ac38129b6d409f73e29b1d51a5d459cf050410f Author: Bram Moolenaar <Bram@vim.org> Date: Thu Dec 2 18:42:33 2021 +0000 patch 8.2.3721: using memory freed by losing the clipboard selection Problem: Using memory freed by losing the clipboard selection. (Dominique Pell?) Solution: Check y_array is still valid after calling changed_lines(). (closes #9253)
author Bram Moolenaar <Bram@vim.org>
date Thu, 02 Dec 2021 19:45:03 +0100
parents ba835881a79e
children d742cb67b260
comparison
equal deleted inserted replaced
26379:f6e050c67b71 26380:ac0e63cbf00b
1548 int delcount; 1548 int delcount;
1549 int incr = 0; 1549 int incr = 0;
1550 long j; 1550 long j;
1551 struct block_def bd; 1551 struct block_def bd;
1552 char_u **y_array = NULL; 1552 char_u **y_array = NULL;
1553 yankreg_T *y_current_used = NULL;
1553 long nr_lines = 0; 1554 long nr_lines = 0;
1554 pos_T new_cursor; 1555 pos_T new_cursor;
1555 int indent; 1556 int indent;
1556 int orig_indent = 0; // init for gcc 1557 int orig_indent = 0; // init for gcc
1557 int indent_diff = 0; // init for gcc 1558 int indent_diff = 0; // init for gcc
1658 1659
1659 y_type = y_current->y_type; 1660 y_type = y_current->y_type;
1660 y_width = y_current->y_width; 1661 y_width = y_current->y_width;
1661 y_size = y_current->y_size; 1662 y_size = y_current->y_size;
1662 y_array = y_current->y_array; 1663 y_array = y_current->y_array;
1664 y_current_used = y_current;
1663 } 1665 }
1664 1666
1665 if (y_type == MLINE) 1667 if (y_type == MLINE)
1666 { 1668 {
1667 if (flags & PUT_LINE_SPLIT) 1669 if (flags & PUT_LINE_SPLIT)
2206 changed_lines(curwin->w_cursor.lnum, col, 2208 changed_lines(curwin->w_cursor.lnum, col,
2207 curwin->w_cursor.lnum + 1, nr_lines); 2209 curwin->w_cursor.lnum + 1, nr_lines);
2208 else 2210 else
2209 changed_lines(curbuf->b_op_start.lnum, 0, 2211 changed_lines(curbuf->b_op_start.lnum, 0,
2210 curbuf->b_op_start.lnum, nr_lines); 2212 curbuf->b_op_start.lnum, nr_lines);
2213 if (y_current_used != NULL && (y_current_used != y_current
2214 || y_current->y_array != y_array))
2215 {
2216 // Something invoked through changed_lines() has changed the
2217 // yank buffer, e.g. a GUI clipboard callback.
2218 emsg(_(e_yank_register_changed_while_using_it));
2219 goto end;
2220 }
2211 2221
2212 // Put the '] mark on the first byte of the last inserted character. 2222 // Put the '] mark on the first byte of the last inserted character.
2213 // Correct the length for change in indent. 2223 // Correct the length for change in indent.
2214 curbuf->b_op_end.lnum = new_lnum; 2224 curbuf->b_op_end.lnum = new_lnum;
2215 len = STRLEN(y_array[y_size - 1]); 2225 len = STRLEN(y_array[y_size - 1]);