diff src/eval.c @ 30437:d77a900f6094 v9.0.0554

patch 9.0.0554: using freed memory when command follows lambda Commit: https://github.com/vim/vim/commit/f8addf1ca1d8c7801f6dded2341b7084d2b93e5e Author: Bram Moolenaar <Bram@vim.org> Date: Fri Sep 23 12:44:25 2022 +0100 patch 9.0.0554: using freed memory when command follows lambda Problem: Using freed memory when command follows lambda. Solution: Don't free what is still in use. (closes https://github.com/vim/vim/issues/11201)
author Bram Moolenaar <Bram@vim.org>
date Fri, 23 Sep 2022 13:45:06 +0200
parents 36f1b763ae16
children b1617545fcdf
--- a/src/eval.c
+++ b/src/eval.c
@@ -382,23 +382,34 @@ clear_evalarg(evalarg_T *evalarg, exarg_
 {
     if (evalarg != NULL)
     {
-	if (evalarg->eval_tofree != NULL)
+	garray_T *etga = &evalarg->eval_tofree_ga;
+
+	if (evalarg->eval_tofree != NULL || evalarg->eval_using_cmdline)
 	{
 	    if (eap != NULL)
 	    {
 		// We may need to keep the original command line, e.g. for
-		// ":let" it has the variable names.  But we may also need the
-		// new one, "nextcmd" points into it.  Keep both.
+		// ":let" it has the variable names.  But we may also need
+		// the new one, "nextcmd" points into it.  Keep both.
 		vim_free(eap->cmdline_tofree);
 		eap->cmdline_tofree = *eap->cmdlinep;
-		*eap->cmdlinep = evalarg->eval_tofree;
+
+		if (evalarg->eval_using_cmdline && etga->ga_len > 0)
+		{
+		    // "nextcmd" points into the last line in eval_tofree_ga,
+		    // need to keep it around.
+		    --etga->ga_len;
+		    *eap->cmdlinep = ((char_u **)etga->ga_data)[etga->ga_len];
+		}
+		else
+		    *eap->cmdlinep = evalarg->eval_tofree;
 	    }
 	    else
 		vim_free(evalarg->eval_tofree);
 	    evalarg->eval_tofree = NULL;
 	}
 
-	ga_clear_strings(&evalarg->eval_tofree_ga);
+	ga_clear_strings(etga);
 	VIM_CLEAR(evalarg->eval_tofree_lambda);
     }
 }
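Review bot: In the new `eval_using_cmdline && etga->ga_len > 0` branch, `*eap->cmdlinep` takes the last entry of `eval_tofree_ga`, but `evalarg->eval_tofree` is then set to NULL after the if/else without being freed or handed to `eap`. The outer test is an `||`, so nothing visible here rules out a non-NULL `eval_tofree` on that path, and in that case the buffer would leak; adding `vim_free(evalarg->eval_tofree);` right after the `*eap->cmdlinep = ((char_u **)etga->ga_data)[etga->ga_len];` line would close it. Separately, when `eval_using_cmdline` is set but `ga_len` is 0 and `eval_tofree` is NULL, the else arm stores NULL into `*eap->cmdlinep` while the old command line moves to `cmdline_tofree`. Whether callers tolerate a NULL `*cmdlinep` is not visible in this hunk, so a one-line comment stating the expected invariant (or a guard) would make the use-after-free fix easier to audit.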