diff src/tag.c @ 34372:d8c69a773456 v9.1.0115

patch 9.1.0115: Using freed memory with full tag stack and user data Commit: https://github.com/vim/vim/commit/c86bff1771ed9c340f8f4433ae5530fd6de97980 Author: zeertzjq <zeertzjq@outlook.com> Date: Sun Feb 18 18:53:08 2024 +0100 patch 9.1.0115: Using freed memory with full tag stack and user data Problem: Using freed memory with full tag stack and user data (Konstantin Khlebnikov) Solution: Clear the user data pointer of the newest entry. (zeertzjq, Konstantin Khlebnikov) fixes: neovim/neovim#27498 closes: #14053 Co-authored-by: Konstantin Khlebnikov koct9i@gmail.com Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Konstantin Khlebnikov koct9i@gmail.com Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Sun, 18 Feb 2024 19:00:03 +0100
parents 1629cc65d78d
children dd8f5311cee5
--- a/src/tag.c
+++ b/src/tag.c
@@ -395,7 +395,7 @@ do_tag(
 		    tagstack_clear_entry(&tagstack[0]);
 		    for (i = 1; i < tagstacklen; ++i)
 			tagstack[i - 1] = tagstack[i];
-		    --tagstackidx;
+		    tagstack[--tagstackidx].user_data = NULL;
 		}
 
 		/*
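Review bot: The added statement `tagstack[--tagstackidx].user_data = NULL;` has no comment saying why only `user_data` is reset, and it folds the index decrement into the subscript, so the ownership fix is easy to lose in a later cleanup. The struct assignments in the loop above leave the top slot holding the same pointers as the slot below it. I would split the statement and record that: `--tagstackidx;`, then `// the shift left this slot sharing user_data with the previous entry; drop the duplicate so clearing this slot cannot free memory the previous entry still owns`, then `tagstack[tagstackidx].user_data = NULL;`. Any other pointer members copied by the struct assignment stay aliased in this slot too. Presumably the code after the hunk overwrites them before anything frees them, but do_tag continues outside the hunk, so that should be confirmed.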