Mercurial > vim

diff src/usercmd.c @ 26498:e36aefc588c2 v8.2.3779

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.3779: using freed memory when defining a user command recursively Commit: https://github.com/vim/vim/commit/205f29c3e9b895dbaa4f738046da455a93c3812a Author: Bram Moolenaar <Bram@vim.org> Date: Fri Dec 10 21:46:09 2021 +0000 patch 8.2.3779: using freed memory when defining a user command recursively Problem: Using freed memory when defining a user command from a user command. Solution: Do not use the command pointer after executing the command. (closes #9318)
author Bram Moolenaar <Bram@vim.org>
date Fri, 10 Dec 2021 23:00:04 +0100
parents 1bbb884c8561
children 2aeea8611342
line wrap: on
line diff
--- a/src/usercmd.c
+++ b/src/usercmd.c
@@ -1670,7 +1670,8 @@ do_ucmd(exarg_T *eap)
     size_t	split_len = 0;
     char_u	*split_buf = NULL;
     ucmd_T	*cmd;
-    sctx_T	save_current_sctx = current_sctx;
+    sctx_T	save_current_sctx;
+    int		restore_current_sctx = FALSE;
 
     if (eap->cmdidx == CMD_USER)
 	cmd = USER_CMD(eap->useridx);
@@ -1771,14 +1772,20 @@ do_ucmd(exarg_T *eap)
 
     if ((cmd->uc_argt & EX_KEEPSCRIPT) == 0)
     {
+	restore_current_sctx = TRUE;
+	save_current_sctx = current_sctx;
 	current_sctx.sc_version = cmd->uc_script_ctx.sc_version;
 #ifdef FEAT_EVAL
 	current_sctx.sc_sid = cmd->uc_script_ctx.sc_sid;
 #endif
     }
+
     (void)do_cmdline(buf, eap->getline, eap->cookie,
 				   DOCMD_VERBOSE|DOCMD_NOWAIT|DOCMD_KEYTYPED);
-    if ((cmd->uc_argt & EX_KEEPSCRIPT) == 0)
+
+    // Careful: Do not use "cmd" here, it may have become invalid if a user
+    // command was added.
+    if (restore_current_sctx)
 	current_sctx = save_current_sctx;
     vim_free(buf);
     vim_free(split_buf);