• R/O
  • SSH

vim: Commit

Mirror of the Vim source from https://github.com/vim/vim


Commit MetaInfo

Revisionaf0b4ffab794dd1e332376c7012b5bda9633719f (tree)
Time2019-09-10 03:15:03
AuthorBram Moolenaar <Bram@vim....>
CommiterBram Moolenaar

Log Message

patch 8.1.2018: using freed memory when out of memory and displaying message

Commit: https://github.com/vim/vim/commit/e5fbd7393067c279860598ac8359d1617b1082b9
Author: Bram Moolenaar <Bram@vim.org>
Date: Mon Sep 9 20:04:13 2019 +0200

patch 8.1.2018: using freed memory when out of memory and displaying message
Problem: Using freed memory when out of memory and displaying message.
Solution: Make a copy of the message first.

Change Summary

Incremental Difference

diff -r 062623edb7c8 -r af0b4ffab794 src/main.c
--- a/src/main.c Mon Sep 09 18:45:05 2019 +0200
+++ b/src/main.c Mon Sep 09 20:15:03 2019 +0200
@@ -1276,16 +1276,19 @@
12761276 /* display message after redraw */
12771277 if (keep_msg != NULL)
12781278 {
1279- char_u *p;
1280-
1281- // msg_attr_keep() will set keep_msg to NULL, must free the
1282- // string here. Don't reset keep_msg, msg_attr_keep() uses it
1283- // to check for duplicates. Never put this message in history.
1284- p = keep_msg;
1285- msg_hist_off = TRUE;
1286- msg_attr((char *)p, keep_msg_attr);
1287- msg_hist_off = FALSE;
1288- vim_free(p);
1279+ char_u *p = vim_strsave(keep_msg);
1280+
1281+ if (p != NULL)
1282+ {
1283+ // msg_start() will set keep_msg to NULL, make a copy
1284+ // first. Don't reset keep_msg, msg_attr_keep() uses it to
1285+ // check for duplicates. Never put this message in
1286+ // history.
1287+ msg_hist_off = TRUE;
1288+ msg_attr((char *)p, keep_msg_attr);
1289+ msg_hist_off = FALSE;
1290+ vim_free(p);
1291+ }
12891292 }
12901293 if (need_fileinfo) /* show file info after redraw */
12911294 {
diff -r 062623edb7c8 -r af0b4ffab794 src/message.c
--- a/src/message.c Mon Sep 09 18:45:05 2019 +0200
+++ b/src/message.c Mon Sep 09 20:15:03 2019 +0200
@@ -168,11 +168,6 @@
168168 ch_log(NULL, "ERROR: %s", (char *)s);
169169 #endif
170170
171- /* When displaying keep_msg, don't let msg_start() free it, caller must do
172- * that. */
173- if ((char_u *)s == keep_msg)
174- keep_msg = NULL;
175-
176171 /* Truncate the message if needed. */
177172 msg_start();
178173 buf = msg_strtrunc((char_u *)s, FALSE);
diff -r 062623edb7c8 -r af0b4ffab794 src/normal.c
--- a/src/normal.c Mon Sep 09 18:45:05 2019 +0200
+++ b/src/normal.c Mon Sep 09 20:15:03 2019 +0200
@@ -1182,12 +1182,17 @@
11821182
11831183 kmsg = keep_msg;
11841184 keep_msg = NULL;
1185- /* showmode() will clear keep_msg, but we want to use it anyway */
1185+ // showmode() will clear keep_msg, but we want to use it anyway
11861186 update_screen(0);
1187- /* now reset it, otherwise it's put in the history again */
1187+ // now reset it, otherwise it's put in the history again
11881188 keep_msg = kmsg;
1189- msg_attr((char *)kmsg, keep_msg_attr);
1190- vim_free(kmsg);
1189+
1190+ kmsg = vim_strsave(keep_msg);
1191+ if (kmsg != NULL)
1192+ {
1193+ msg_attr((char *)kmsg, keep_msg_attr);
1194+ vim_free(kmsg);
1195+ }
11911196 }
11921197 setcursor();
11931198 cursor_on();
diff -r 062623edb7c8 -r af0b4ffab794 src/version.c
--- a/src/version.c Mon Sep 09 18:45:05 2019 +0200
+++ b/src/version.c Mon Sep 09 20:15:03 2019 +0200
@@ -758,6 +758,8 @@
758758 static int included_patches[] =
759759 { /* Add new patch number below this line */
760760 /**/
761+ 2018,
762+/**/
761763 2017,
762764 /**/
763765 2016,
Show on old repository browser