thac0/vim
1
0
Fork 0
forked from aniani/vim
Code Activity

patch 9.0.0246: using freed memory when 'tagfunc' deletes the buffer

Browse Source 
Problem:    Using freed memory when 'tagfunc' deletes the buffer.
Solution:   Make a copy of the tag name.
This commit is contained in:
Bram Moolenaar
2022-08-22 16:35:45 +01:00
parent 471c0fa3ee
commit adce965162
3 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/tag.c
View File

@@ -281,6 +281,7 @@ do_tag(
char_u *buf_ffname = curbuf->b_ffname; // name to use for
// priority computation
int use_tfu = 1;
char_u *tofree = NULL;
// remember the matches for the last used tag
static int num_matches = 0;
@@ -630,7 +631,12 @@ do_tag(
* When desired match not found yet, try to find it (and others).
*/
if (use_tagstack)
name = tagstack[tagstackidx].tagname;
{
// make a copy, the tagstack may change in 'tagfunc'
name = vim_strsave(tagstack[tagstackidx].tagname);
vim_free(tofree);
tofree = name;
}
#if defined(FEAT_QUICKFIX)
else if (g_do_tagpreview != 0)
name = ptag_entry.tagname;
@@ -922,6 +928,7 @@ end_do_tag:
g_do_tagpreview = 0; // don't do tag preview next time
# endif
vim_free(tofree);
#ifdef FEAT_CSCOPE
return jumped_to_tag;
#else