Patch 8.1.0738
Problem: Using freed memory, for loop over blob leaks memory.
Solution: Clear pointer after freeing memory. Decrement reference count
after for loop over blob.
Files: src/eval.c
*** ../vim-8.1.0737/src/eval.c 2019-01-13 15:41:58.937718637 +0100
--- src/eval.c 2019-01-13 16:01:12.357352208 +0100
***************
*** 2615,2620 ****
--- 2615,2622 ----
clear_tv(&tv);
else
{
+ // No need to increment the refcount, it's already set for
+ // the blob being used in "tv".
fi->fi_blob = b;
fi->fi_bi = 0;
}
***************
*** 2684,2689 ****
--- 2686,2693 ----
list_rem_watch(fi->fi_list, &fi->fi_lw);
list_unref(fi->fi_list);
}
+ if (fi != NULL && fi->fi_blob != NULL)
+ blob_unref(fi->fi_blob);
vim_free(fi);
}
***************
*** 4217,4224 ****
{
if (!vim_isxdigit(bp[1]))
{
! EMSG(_("E973: Blob literal should have an even
number of hex characters"));
! vim_free(blob);
ret = FAIL;
break;
}
--- 4221,4232 ----
{
if (!vim_isxdigit(bp[1]))
{
! if (blob != NULL)
! {
! EMSG(_("E973: Blob literal should have an even
number of hex characters"));
! ga_clear(&blob->bv_ga);
! VIM_CLEAR(blob);
! }
ret = FAIL;
break;
}
***************
*** 4227,4237 ****
(hex2nr(*bp) << 4) + hex2nr(*(bp+1)));
}
if (blob != NULL)
! {
! ++blob->bv_refcount;
! rettv->v_type = VAR_BLOB;
! rettv->vval.v_blob = blob;
! }
*arg = bp;
}
else
--- 4235,4241 ----
(hex2nr(*bp) << 4) + hex2nr(*(bp+1)));
}
if (blob != NULL)
! rettv_blob_set(rettv, blob);
*arg = bp;
}
else
*** ../vim-8.1.0737/src/version.c 2019-01-13 15:41:58.937718637 +0100
--- src/version.c 2019-01-13 15:46:25.263747024 +0100
***************
*** 797,798 ****
--- 797,800 ----
{ /* Add new patch number below this line */
+ /**/
+ 738,
/**/
--
hundred-and-one symptoms of being an internet addict:
186. You overstay in the office so you can have more time surfing the net.
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
