diff src/netbeans.c @ 22830:70eb58639009 v8.2.1962

patch 8.2.1962: netbeans may access freed memory Commit: https://github.com/vim/vim/commit/32e5ec0b017adb68fe36adb9a9a362abdaffe7f4 Author: Bram Moolenaar <Bram@vim.org> Date: Fri Nov 6 13:44:21 2020 +0100 patch 8.2.1962: netbeans may access freed memory Problem: Netbeans may access freed memory. Solution: Check the buffer pointer is still valid. Add a test. (Yegappan Lakshmanan, closes #7248)
author Bram Moolenaar <Bram@vim.org>
date Fri, 06 Nov 2020 13:45:04 +0100
parents 13f4aee01ce5
children 038eb6d9003a
--- a/src/netbeans.c
+++ b/src/netbeans.c
@@ -572,7 +572,7 @@ nb_free(void)
 	buf = buf_list[i];
 	vim_free(buf.displayname);
 	vim_free(buf.signmap);
-	if (buf.bufp != NULL)
+	if (buf.bufp != NULL && buf_valid(buf.bufp))
 	{
 	    buf.bufp->b_netbeans_file = FALSE;
 	    buf.bufp->b_was_netbeans_file = FALSE;
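Review bot: The new `buf_valid(buf.bufp)` condition has no comment explaining why a registered `bufp` can be stale at this point; I would add `// the buffer may have been wiped out since netbeans registered it` above the `if`. The stale pointer itself stays in `buf_list`, so any other code that dereferences `bufp` without the same check would have the same problem, though no such code is visible in this hunk. `buf_valid()` presumably only confirms that the pointer is still in the buffer list, so if a buffer address can be reused after a wipe-out the check would also pass for an unrelated buffer, which here would only clear two flags. The `if` block and nb_free continue outside the hunk.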
@@ -1943,15 +1943,13 @@ nb_do_cmd(
 	    if (STRLEN(fg) > MAX_COLOR_LENGTH || STRLEN(bg) > MAX_COLOR_LENGTH)
 	    {
 		emsg("E532: highlighting color name too long in defineAnnoType");
-		vim_free(typeName);
+		VIM_CLEAR(typeName);
 		parse_error = TRUE;
 	    }
 	    else if (typeName != NULL && tooltip != NULL && glyphFile != NULL)
 		addsigntype(buf, typeNum, typeName, tooltip, glyphFile, fg, bg);
-	    else
-		vim_free(typeName);
-
-	    // don't free typeName; it's used directly in addsigntype()
+
+	    vim_free(typeName);
 	    vim_free(fg);
 	    vim_free(bg);
 	    vim_free(tooltip);
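Review bot: The unconditional `vim_free(typeName)` after the `addsigntype()` call is only safe because the last hunk makes `addsigntype()` store a `vim_strsave()` copy, and nothing at this call site says so now that the old ownership comment is gone. I would add `// addsigntype() keeps its own copy of typeName, so it is always freed here` above the free, so that a later change back to storing the caller's pointer does not leave a dangling `globalsignmap` entry. In that last hunk the `vim_strsave()` result is assigned without a NULL check, so on allocation failure `globalsignmap[i]` would be NULL while `globalsignmapused` is still advanced. Whether the lookup loop above that assignment tolerates a NULL entry is not visible here. nb_do_cmd's body continues outside the hunk.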
@@ -3240,7 +3238,7 @@ addsigntype(
 	    }
 	}
 
-	globalsignmap[i] = (char *)typeName;
+	globalsignmap[i] = (char *)vim_strsave(typeName);
 	globalsignmapused = i + 1;
     }