Patch 8.2.3612
Problem: Using freed memory with regexp using a mark.
Solution: Get the line again after getting the mark position.
Files: src/regexp.c, src/regexp_nfa.c, src/testdir/test_regexp_latin.vim
*** ../vim-8.2.3611/src/regexp.c 2021-07-21 21:20:30.066401728 +0100
--- src/regexp.c 2021-11-17 18:11:39.476557801 +0000
***************
*** 1129,1135 ****
// The current match-position is stord in these variables:
linenr_T lnum; // line number, relative to first line
char_u *line; // start of current line
! char_u *input; // current input, points into "regline"
int need_clear_subexpr; // subexpressions still need to be
cleared
#ifdef FEAT_SYN_HL
--- 1129,1135 ----
// The current match-position is stord in these variables:
linenr_T lnum; // line number, relative to first line
char_u *line; // start of current line
! char_u *input; // current input, points into "line"
int need_clear_subexpr; // subexpressions still need to be
cleared
#ifdef FEAT_SYN_HL
*** ../vim-8.2.3611/src/regexp_nfa.c 2021-09-07 18:26:46.114706317 +0100
--- src/regexp_nfa.c 2021-11-17 18:21:28.520109937 +0000
***************
*** 6834,6841 ****
--- 6834,6849 ----
case NFA_MARK_GT:
case NFA_MARK_LT:
{
+ size_t col = rex.input - rex.line;
pos_T *pos = getmark_buf(rex.reg_buf, t->state->val, FALSE);
+ // Line may have been freed, get it again.
+ if (REG_MULTI)
+ {
+ rex.line = reg_getline(rex.lnum);
+ rex.input = rex.line + col;
+ }
+
// Compare the mark position to the match position, if the mark
// exists and mark is set in reg_buf.
if (pos != NULL && pos->lnum > 0)
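Review bot: The recomputed pointer at `rex.input = rex.line + col;` is not validated: the hunk assumes reg_getline() returns the same text, at least `col` bytes long, and never a NULL or shorter result. That holds if getmark_buf() only invalidates the cached line pointer without changing the buffer, which the comment implies but does not state; I would spell the invariant out, e.g. `// getmark_buf() may fetch another line, which invalidates the pointer returned earlier; the text is unchanged so "col" is still valid.` Any other pointer into the old line that is still live in this function would need the same refresh; none is visible here, but the case body and the enclosing function continue outside the hunk. Since a stale read like this rarely crashes on its own, the added regression test is only meaningful when run under a memory checker.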
*** ../vim-8.2.3611/src/testdir/test_regexp_latin.vim 2021-07-05
19:14:54.400221570 +0100
--- src/testdir/test_regexp_latin.vim 2021-11-17 18:20:10.896170073 +0000
***************
*** 1037,1040 ****
--- 1037,1048 ----
set re&
endfunc
+ func Test_using_mark_position()
+ " this was using freed memory
+ new
+ norm O0
+ call assert_fails("s/\\%')", 'E486:')
+ bwipe!
+ endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
*** ../vim-8.2.3611/src/version.c 2021-11-17 18:00:28.189010856 +0000
--- src/version.c 2021-11-17 18:22:23.388067265 +0000
***************
*** 759,760 ****
--- 759,762 ----
{ /* Add new patch number below this line */
+ /**/
+ 3612,
/**/
--
The early bird gets the worm. The second mouse gets the cheese.
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///