Mercurial > vim
changeset 11380:2334a8ae9ff6 v8.0.0575
patch 8.0.0575: using freed memory when resetting 'indentexpr'
commit https://github.com/vim/vim/commit/a701b3b6f0f06ac0c9fcc75c6c34a1258fc3b1a2
Author: Bram Moolenaar <Bram@vim.org>
Date: Thu Apr 20 22:57:27 2017 +0200
patch 8.0.0575: using freed memory when resetting 'indentexpr'
Problem: Using freed memory when resetting 'indentexpr' while evaluating
it. (Dominique Pelle)
Solution: Make a copy of 'indentexpr'.
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Thu, 20 Apr 2017 23:00:03 +0200 |
| parents | ce8e9160eccc |
| children | 2671bb1e1c74 |
| files | src/misc1.c src/testdir/test_options.vim src/version.c |
| diffstat | 3 files changed, 26 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/misc1.c +++ b/src/misc1.c @@ -9252,6 +9252,7 @@ find_match(int lookfor, linenr_T ourscop get_expr_indent(void) { int indent; + char_u *inde_copy; pos_T save_pos; colnr_T save_curswant; int save_set_curswant; @@ -9268,7 +9269,16 @@ get_expr_indent(void) if (use_sandbox) ++sandbox; ++textlock; - indent = (int)eval_to_number(curbuf->b_p_inde); + + /* Need to make a copy, the 'indentexpr' option could be changed while + * evaluating it. */ + inde_copy = vim_strsave(curbuf->b_p_inde); + if (inde_copy != NULL) + { + indent = (int)eval_to_number(inde_copy); + vim_free(inde_copy); + } + if (use_sandbox) --sandbox; --textlock;
--- a/src/testdir/test_options.vim +++ b/src/testdir/test_options.vim @@ -319,3 +319,16 @@ func Test_set_values() throw 'Skipped: opt_test.vim does not exist' endif endfunc + +func ResetIndentexpr() + set indentexpr= +endfunc + +func Test_set_indentexpr() + " this was causing usage of freed memory + set indentexpr=ResetIndentexpr() + new + call feedkeys("i\<c-f>", 'x') + call assert_equal('', &indentexpr) + bwipe! +endfunc