comparison src/eval.c @ 30437:d77a900f6094 v9.0.0554

patch 9.0.0554: using freed memory when command follows lambda Commit: https://github.com/vim/vim/commit/f8addf1ca1d8c7801f6dded2341b7084d2b93e5e Author: Bram Moolenaar <Bram@vim.org> Date: Fri Sep 23 12:44:25 2022 +0100 patch 9.0.0554: using freed memory when command follows lambda Problem: Using freed memory when command follows lambda. Solution: Don't free what is still in use. (closes https://github.com/vim/vim/issues/11201)
author Bram Moolenaar <Bram@vim.org>
date Fri, 23 Sep 2022 13:45:06 +0200
parents 36f1b763ae16
children b1617545fcdf
30436:93abb8acf842 30437:d77a900f6094
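--- a/src/eval.c
+++ b/src/eval.c
@@ -380,27 +380,38 @@
 void
 clear_evalarg(evalarg_T *evalarg, exarg_T *eap)
 {
 if (evalarg != NULL)
 {
-if (evalarg->eval_tofree != NULL)
+garray_T *etga = &evalarg->eval_tofree_ga;
+
+if (evalarg->eval_tofree != NULL || evalarg->eval_using_cmdline)
 {
 if (eap != NULL)
 {
 // We may need to keep the original command line, e.g. for
-// ":let" it has the variable names. But we may also need the
-// new one, "nextcmd" points into it. Keep both.
+// ":let" it has the variable names. But we may also need
+// the new one, "nextcmd" points into it. Keep both.
 vim_free(eap->cmdline_tofree);
 eap->cmdline_tofree = *eap->cmdlinep;
-*eap->cmdlinep = evalarg->eval_tofree;
+
+if (evalarg->eval_using_cmdline && etga->ga_len > 0)
+{
+// "nextcmd" points into the last line in eval_tofree_ga,
+// need to keep it around.
+--etga->ga_len;
+*eap->cmdlinep = ((char_u **)etga->ga_data)[etga->ga_len];
+}
+else
+*eap->cmdlinep = evalarg->eval_tofree;
 }
 else
 vim_free(evalarg->eval_tofree);
 evalarg->eval_tofree = NULL;
 }
 
-ga_clear_strings(&evalarg->eval_tofree_ga);
+ga_clear_strings(etga);
 VIM_CLEAR(evalarg->eval_tofree_lambda);
 }
 }
 
 /*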
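Review bot: In the new `eval_using_cmdline && etga->ga_len > 0` branch (new lines 397-403), `evalarg->eval_tofree` is neither handed to `*eap->cmdlinep` nor freed, yet new line 409 sets it to NULL, so any buffer it still holds there appears to leak. Whether it can be non-NULL together with `eval_using_cmdline` is not visible in this section, but `vim_free()` is already called unconditionally on possibly-NULL pointers here, so adding `vim_free(evalarg->eval_tofree);` right after the `*eap->cmdlinep = ((char_u **)etga->ga_data)[etga->ga_len];` assignment looks safe. Separately, the widened outer condition now lets the `else` arm run with `eval_using_cmdline` set, `ga_len` at 0 and `eval_tofree` NULL, which would store NULL into `*eap->cmdlinep` after the original line was moved to `cmdline_tofree`. A guard, or a comment stating why that combination cannot occur, would make the ownership rules of this use-after-free fix easier to audit.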