On Fri, 13 Mar 2015, Christian Brabandt wrote:
> the Neovim¹ project detected a use-after-free when loading a
> colorscheme.
Oops, sorry, slightly better patch:
diff --git a/src/syntax.c b/src/syntax.c
--- a/src/syntax.c
+++ b/src/syntax.c
@@ -6988,8 +6988,16 @@ init_highlight(both, reset)
* and 'background' or 't_Co' is changed.
*/
p = get_var_value((char_u *)"g:colors_name");
- if (p != NULL && load_colors(p) == OK)
- return;
+ if (p != NULL)
+ {
+ /* Value of g:colors_name could be freed in load_colors()
+ * and make p invalid, so copy it. */
+ char_u *copy_p = vim_strsave(p);
+ int ok = load_colors(copy_p);
+ vim_free(copy_p);
+ if (ok)
+ return;
+ }
#endif
/*
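Review bot: In the added block, the result of vim_strsave(p) goes straight into load_colors() with no NULL check, so an allocation failure would pass a NULL name to load_colors(). Guard the call with `if (copy_p != NULL)` and treat a failed copy as "colorscheme not loaded" so the function falls through to the defaults. Separately, the removed line compared the result against OK (`load_colors(p) == OK`), while the new code tests `if (ok)`; writing `if (ok == OK)` keeps the original condition and does not depend on the numeric values of OK and FAIL.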
Best,
Christian
--
Better freckles than no points of view at all.