Mercurial > vim

comparison src/drawline.c @ 32549:cceee401aa51 v9.0.1606

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.1606: using freed memory when 'foldcolumn' is set Commit: https://github.com/vim/vim/commit/58e1e010454113a7c8a9b0327c54d2ee7d73d2fd Author: zeertzjq <zeertzjq@outlook.com> Date: Sun Jun 4 18:46:28 2023 +0100 patch 9.0.1606: using freed memory when 'foldcolumn' is set Problem: Using freed memory when 'foldcolumn' is set. Solution: Save extra pointer to free it later. (closes https://github.com/vim/vim/issues/12492)
author Bram Moolenaar <Bram@vim.org>
date Sun, 04 Jun 2023 20:00:04 +0200
parents 75e56c94316d
children 25f4c1d11344
comparison
equal deleted inserted replaced
32548:f9fe29a477a2 32549:cceee401aa51
148 int extra_for_textprop; // wlv.n_extra set for textprop 148 int extra_for_textprop; // wlv.n_extra set for textprop
149 149
150 // saved "extra" items for when draw_state becomes WL_LINE (again) 150 // saved "extra" items for when draw_state becomes WL_LINE (again)
151 int saved_n_extra; 151 int saved_n_extra;
152 char_u *saved_p_extra; 152 char_u *saved_p_extra;
153 char_u *saved_p_extra_free;
153 int saved_extra_attr; 154 int saved_extra_attr;
154 int saved_n_attr_skip; 155 int saved_n_attr_skip;
155 int saved_extra_for_textprop; 156 int saved_extra_for_textprop;
156 int saved_c_extra; 157 int saved_c_extra;
157 int saved_c_final; 158 int saved_c_final;
228 wlv->p_extra_free = alloc(MAX_MCO * fdc + 1); 229 wlv->p_extra_free = alloc(MAX_MCO * fdc + 1);
229 if (wlv->p_extra_free == NULL) 230 if (wlv->p_extra_free == NULL)
230 return; 231 return;
231 232
232 wlv->n_extra = (int)fill_foldcolumn(wlv->p_extra_free, 233 wlv->n_extra = (int)fill_foldcolumn(wlv->p_extra_free,
233 wp, FALSE, wlv->lnum); 234 wp, FALSE, wlv->lnum);
234 wlv->p_extra_free[wlv->n_extra] = NUL; 235 wlv->p_extra_free[wlv->n_extra] = NUL;
235 wlv->p_extra = wlv->p_extra_free; 236 wlv->p_extra = wlv->p_extra_free;
236 wlv->c_extra = NUL; 237 wlv->c_extra = NUL;
237 wlv->c_final = NUL; 238 wlv->c_final = NUL;
238 if (use_cursor_line_highlight(wp, wlv->lnum)) 239 if (use_cursor_line_highlight(wp, wlv->lnum))
977 { 978 {
978 // reset the drawing state for the start of a wrapped line 979 // reset the drawing state for the start of a wrapped line
979 wlv->draw_state = WL_START; 980 wlv->draw_state = WL_START;
980 wlv->saved_n_extra = wlv->n_extra; 981 wlv->saved_n_extra = wlv->n_extra;
981 wlv->saved_p_extra = wlv->p_extra; 982 wlv->saved_p_extra = wlv->p_extra;
983 vim_free(wlv->saved_p_extra_free);
984 wlv->saved_p_extra_free = wlv->p_extra_free;
985 wlv->p_extra_free = NULL;
982 wlv->saved_extra_attr = wlv->extra_attr; 986 wlv->saved_extra_attr = wlv->extra_attr;
983 wlv->saved_n_attr_skip = wlv->n_attr_skip; 987 wlv->saved_n_attr_skip = wlv->n_attr_skip;
984 wlv->saved_extra_for_textprop = wlv->extra_for_textprop; 988 wlv->saved_extra_for_textprop = wlv->extra_for_textprop;
985 wlv->saved_c_extra = wlv->c_extra; 989 wlv->saved_c_extra = wlv->c_extra;
986 wlv->saved_c_final = wlv->c_final; 990 wlv->saved_c_final = wlv->c_final;
1013 wlv->n_extra = wlv->saved_n_extra; 1017 wlv->n_extra = wlv->saved_n_extra;
1014 wlv->saved_n_extra = 0; 1018 wlv->saved_n_extra = 0;
1015 wlv->c_extra = wlv->saved_c_extra; 1019 wlv->c_extra = wlv->saved_c_extra;
1016 wlv->c_final = wlv->saved_c_final; 1020 wlv->c_final = wlv->saved_c_final;
1017 wlv->p_extra = wlv->saved_p_extra; 1021 wlv->p_extra = wlv->saved_p_extra;
1022 vim_free(wlv->p_extra_free);
1023 wlv->p_extra_free = wlv->saved_p_extra_free;
1024 wlv->saved_p_extra_free = NULL;
1018 wlv->extra_attr = wlv->saved_extra_attr; 1025 wlv->extra_attr = wlv->saved_extra_attr;
1019 wlv->n_attr_skip = wlv->saved_n_attr_skip; 1026 wlv->n_attr_skip = wlv->saved_n_attr_skip;
1020 wlv->extra_for_textprop = wlv->saved_extra_for_textprop; 1027 wlv->extra_for_textprop = wlv->saved_extra_for_textprop;
1021 wlv->char_attr = wlv->saved_char_attr; 1028 wlv->char_attr = wlv->saved_char_attr;
1022 } 1029 }
4117 vim_free(text_prop_idxs); 4124 vim_free(text_prop_idxs);
4118 vim_free(p_extra_free2); 4125 vim_free(p_extra_free2);
4119 #endif 4126 #endif
4120 4127
4121 vim_free(wlv.p_extra_free); 4128 vim_free(wlv.p_extra_free);
4129 vim_free(wlv.saved_p_extra_free);
4122 return wlv.row; 4130 return wlv.row;
4123 } 4131 }