Skip to content

Commit

Permalink
patch 8.2.4979: accessing freed memory when line is flushed
Browse files Browse the repository at this point in the history 
Problem:    Accessing freed memory when line is flushed.
Solution:   Make a copy of the pattern to search for.
  • Loading branch information
@brammool
brammool committed May 18, 2022
1 parent 360da40 commit 28d032c
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 0 deletions.
9 changes: 9 additions & 0 deletions src/testdir/test_tagjump.vim
View file
Expand Up @@ -1392,6 +1392,15 @@ func Test_macro_search()
close!
endfunc

func Test_define_search()
" this was accessing freed memory
new
call setline(1, ['first line', '', '#define something 0'])
sil norm o0
sil! norm 
bwipe!
endfunc

" Test for [*, [/, ]* and ]/
func Test_comment_search()
new
Expand Down
2 changes: 2 additions & 0 deletions src/version.c
View file
Expand Up @@ -746,6 +746,8 @@ static char *(features[]) =

static int included_patches[] =
{ /* Add new patch number below this line */
/**/
4979,
/**/
4978,
/**/
Expand Down
7 changes: 7 additions & 0 deletions src/window.c
View file
Expand Up @@ -579,9 +579,16 @@ do_window(
CHECK_CMDWIN;
if ((len = find_ident_under_cursor(&ptr, FIND_IDENT)) == 0)
break;

// Make a copy, if the line was changed it will be freed.
ptr = vim_strnsave(ptr, len);
if (ptr == NULL)
break;

find_pattern_in_path(ptr, 0, len, TRUE,
Prenum == 0 ? TRUE : FALSE, type,
Prenum1, ACTION_SPLIT, (linenr_T)1, (linenr_T)MAXLNUM);
vim_free(ptr);
curwin->w_set_curswant = TRUE;
break;
#endif
Expand Down

0 comments on commit 28d032c

Please sign in to comment.