aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-09-23 03:43:49 -04:00
Code Activity

patch 8.2.3560: using freed memory with lambda

Browse Source 
Problem:    Using freed memory with lambda.
Solution:   Do not free lines early, keep them until the expression is
            finished.
This commit is contained in:
Bram Moolenaar
2021-10-23 13:32:30 +01:00
parent ee56f3f119
commit 844fb64a60
8 changed files with 63 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/vim9compile.c
View File

@@ -3702,7 +3702,7 @@ compile_lambda(char_u **arg, cctx_T *cctx)
ufunc_T *ufunc;
evalarg_T evalarg;
CLEAR_FIELD(evalarg);
init_evalarg(&evalarg);
evalarg.eval_flags = EVAL_EVALUATE;
evalarg.eval_cctx = cctx;
@@ -3733,11 +3733,13 @@ compile_lambda(char_u **arg, cctx_T *cctx)
compile_def_function(ufunc, FALSE, CT_NONE, cctx);
#endif
// evalarg.eval_tofree_cmdline may have a copy of the last line and "*arg"
// points into it. Point to the original line to avoid a dangling pointer.
if (evalarg.eval_tofree_cmdline != NULL)
// The last entry in evalarg.eval_tofree_ga is a copy of the last line and
// "*arg" may point into it. Point into the original line to avoid a
// dangling pointer.
if (evalarg.eval_using_cmdline)
{
size_t off = *arg - evalarg.eval_tofree_cmdline;
garray_T *gap = &evalarg.eval_tofree_ga;
size_t off = *arg - ((char_u **)gap->ga_data)[gap->ga_len - 1];
*arg = ((char_u **)cctx->ctx_ufunc->uf_lines.ga_data)[cctx->ctx_lnum]
+ off;
@@ -4201,9 +4203,10 @@ skip_expr_cctx(char_u **arg, cctx_T *cctx)
{
evalarg_T evalarg;
CLEAR_FIELD(evalarg);
init_evalarg(&evalarg);
evalarg.eval_cctx = cctx;
skip_expr(arg, &evalarg);
clear_evalarg(&evalarg, NULL);
}
/*