aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-07-26 11:04:33 -04:00
Code

patch 8.2.4979: accessing freed memory when line is flushed

Browse Source 
Problem:    Accessing freed memory when line is flushed.
Solution:   Make a copy of the pattern to search for.
This commit is contained in:
Bram Moolenaar 2022-05-18 16:29:08 +01:00
parent 360da40b47
commit 28d032cc68
3 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/testdir/test_tagjump.vim
View File

@ -1392,6 +1392,15 @@ func Test_macro_search()
close! close!
endfunc endfunc
func Test_define_search()
" this was accessing freed memory
new
call setline(1, ['first line', '', '#define something 0'])
sil norm o0
sil! norm 
bwipe!
endfunc
" Test for [*, [/, ]* and ]/ " Test for [*, [/, ]* and ]/
func Test_comment_search() func Test_comment_search()
new new

2
src/version.c
View File

@ -746,6 +746,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
4979,
/**/ /**/
4978, 4978,
/**/ /**/

7
src/window.c
View File

@ -579,9 +579,16 @@ wingotofile:
CHECK_CMDWIN; CHECK_CMDWIN;
if ((len = find_ident_under_cursor(&ptr, FIND_IDENT)) == 0) if ((len = find_ident_under_cursor(&ptr, FIND_IDENT)) == 0)
break; break;
// Make a copy, if the line was changed it will be freed.
ptr = vim_strnsave(ptr, len);
if (ptr == NULL)
break;
find_pattern_in_path(ptr, 0, len, TRUE, find_pattern_in_path(ptr, 0, len, TRUE,
Prenum == 0 ? TRUE : FALSE, type, Prenum == 0 ? TRUE : FALSE, type,
Prenum1, ACTION_SPLIT, (linenr_T)1, (linenr_T)MAXLNUM); Prenum1, ACTION_SPLIT, (linenr_T)1, (linenr_T)MAXLNUM);
vim_free(ptr);
curwin->w_set_curswant = TRUE; curwin->w_set_curswant = TRUE;
break; break;
#endif #endif