Patch 8.1.2018
Problem: Using freed memory when out of memory and displaying message.
Solution: Make a copy of the message first.
Files: src/main.c, src/message.c, src/normal.c
*** ../vim-8.1.2017/src/main.c 2019-08-17 16:33:19.868881645 +0200
--- src/main.c 2019-09-09 19:31:34.676932018 +0200
***************
*** 1276,1291 ****
/* display message after redraw */
if (keep_msg != NULL)
{
! char_u *p;
! // msg_attr_keep() will set keep_msg to NULL, must free the
! // string here. Don't reset keep_msg, msg_attr_keep() uses it
! // to check for duplicates. Never put this message in history.
! p = keep_msg;
! msg_hist_off = TRUE;
! msg_attr((char *)p, keep_msg_attr);
! msg_hist_off = FALSE;
! vim_free(p);
}
if (need_fileinfo) /* show file info after redraw */
{
--- 1276,1294 ----
/* display message after redraw */
if (keep_msg != NULL)
{
! char_u *p = vim_strsave(keep_msg);
! if (p != NULL)
! {
! // msg_start() will set keep_msg to NULL, make a copy
! // first. Don't reset keep_msg, msg_attr_keep() uses it to
! // check for duplicates. Never put this message in
! // history.
! msg_hist_off = TRUE;
! msg_attr((char *)p, keep_msg_attr);
! msg_hist_off = FALSE;
! vim_free(p);
! }
}
if (need_fileinfo) /* show file info after redraw */
{
*** ../vim-8.1.2017/src/message.c 2019-09-04 15:54:23.916359692 +0200
--- src/message.c 2019-09-09 19:33:11.244439209 +0200
***************
*** 168,178 ****
ch_log(NULL, "ERROR: %s", (char *)s);
#endif
- /* When displaying keep_msg, don't let msg_start() free it, caller must do
- * that. */
- if ((char_u *)s == keep_msg)
- keep_msg = NULL;
-
/* Truncate the message if needed. */
msg_start();
buf = msg_strtrunc((char_u *)s, FALSE);
--- 168,173 ----
*** ../vim-8.1.2017/src/normal.c 2019-09-05 21:28:58.495157310 +0200
--- src/normal.c 2019-09-09 19:36:34.123444947 +0200
***************
*** 1182,1193 ****
kmsg = keep_msg;
keep_msg = NULL;
! /* showmode() will clear keep_msg, but we want to use it anyway */
update_screen(0);
! /* now reset it, otherwise it's put in the history again */
keep_msg = kmsg;
! msg_attr((char *)kmsg, keep_msg_attr);
! vim_free(kmsg);
}
setcursor();
cursor_on();
--- 1182,1198 ----
kmsg = keep_msg;
keep_msg = NULL;
! // showmode() will clear keep_msg, but we want to use it anyway
update_screen(0);
! // now reset it, otherwise it's put in the history again
keep_msg = kmsg;
!
! kmsg = vim_strsave(keep_msg);
! if (kmsg != NULL)
! {
! msg_attr((char *)kmsg, keep_msg_attr);
! vim_free(kmsg);
! }
}
setcursor();
cursor_on();
*** ../vim-8.1.2017/src/version.c 2019-09-09 18:35:28.119252725 +0200
--- src/version.c 2019-09-09 20:03:42.954382908 +0200
***************
*** 759,760 ****
--- 759,762 ----
{ /* Add new patch number below this line */
+ /**/
+ 2018,
/**/
--
hundred-and-one symptoms of being an internet addict:
230. You spend your Friday nights typing away at your keyboard
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/vim_dev/201909091804.x89I4kif002092%40masaka.moolenaar.net.
