Mercurial > vim

changeset 20031:6486f456b06a v8.2.0571

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.0571: double free when passing invalid argument to job_start() Commit: https://github.com/vim/vim/commit/0015795baafaf7983875f979f92339375fe5d8e2 Author: Bram Moolenaar <Bram@vim.org> Date: Mon Apr 13 17:44:47 2020 +0200 patch 8.2.0571: double free when passing invalid argument to job_start() Problem: Double free when passing invalid argument to job_start(). Solution: Clear the argument when freed. (Masato Nishihata, closes https://github.com/vim/vim/issues/5926)
author Bram Moolenaar <Bram@vim.org>
date Mon, 13 Apr 2020 17:45:03 +0200
parents dd4098fd958c
children f35f2d67f6c6
files src/misc2.c src/testdir/test_channel.vim src/version.c
diffstat 3 files changed, 6 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/misc2.c
+++ b/src/misc2.c
@@ -4356,7 +4356,10 @@ build_argv_from_list(list_T *l, char ***
 	    int i;
 
 	    for (i = 0; i < *argc; ++i)
+	    {
 		vim_free((*argv)[i]);
+		(*argv)[i] = NULL;
+	    }
 	    return FAIL;
 	}
 	(*argv)[*argc] = (char *)vim_strsave(s);
--- a/src/testdir/test_channel.vim
+++ b/src/testdir/test_channel.vim
@@ -1681,6 +1681,7 @@ func Test_job_start_fails()
   call assert_fails('let job = job_start(["   "])', 'E474:')
   call assert_fails('let job = job_start("")', 'E474:')
   call assert_fails('let job = job_start("   ")', 'E474:')
+  call assert_fails('let job = job_start(["ls", []])', 'E730:')
   %bw!
 endfunc
 
--- a/src/version.c
+++ b/src/version.c
@@ -739,6 +739,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    571,
+/**/
     570,
 /**/
     569,