Mercurial > vim

changeset 29004:c7e3721ec88f v8.2.5024

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.5024: using freed memory with "]d" Commit: https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a Author: Bram Moolenaar <Bram@vim.org> Date: Thu May 26 16:32:44 2022 +0100 patch 8.2.5024: using freed memory with "]d" Problem: Using freed memory with "]d". Solution: Copy the pattern before searching.
author Bram Moolenaar <Bram@vim.org>
date Thu, 26 May 2022 17:45:03 +0200
parents 5113fc1ba2e2
children 177af01c5c4d
files src/normal.c src/testdir/test_tagjump.vim src/version.c
diffstat 3 files changed, 14 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/normal.c
+++ b/src/normal.c
@@ -4464,6 +4464,11 @@ nv_brackets(cmdarg_T *cap)
 	    clearop(cap->oap);
 	else
 	{
+	    // Make a copy, if the line was changed it will be freed.
+	    ptr = vim_strnsave(ptr, len);
+	    if (ptr == NULL)
+		return;
+
 	    find_pattern_in_path(ptr, 0, len, TRUE,
 		cap->count0 == 0 ? !isupper(cap->nchar) : FALSE,
 		((cap->nchar & 0xf) == ('d' & 0xf)) ?  FIND_DEFINE : FIND_ANY,
@@ -4472,6 +4477,7 @@ nv_brackets(cmdarg_T *cap)
 			    islower(cap->nchar) ? ACTION_SHOW : ACTION_GOTO,
 		cap->cmdchar == ']' ? curwin->w_cursor.lnum + 1 : (linenr_T)1,
 		(linenr_T)MAXLNUM);
+	    vim_free(ptr);
 	    curwin->w_set_curswant = TRUE;
 	}
     }
--- a/src/testdir/test_tagjump.vim
+++ b/src/testdir/test_tagjump.vim
@@ -1399,6 +1399,12 @@ func Test_define_search()
   sil norm o0
   sil! norm 
   bwipe!
+
+  new somefile
+  call setline(1, ['first line', '', '#define something 0'])
+  sil norm 0o0
+  sil! norm ]d
+  bwipe!
 endfunc
 
 " Test for [*, [/, ]* and ]/
--- a/src/version.c
+++ b/src/version.c
@@ -735,6 +735,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    5024,
+/**/
     5023,
 /**/
     5022,