Patch 9.0.0026
Problem:    Accessing freed memory with diff put.
Solution:   Bail out when diff pointer is no longer valid.
Files:      src/diff.c


*** ../vim-9.0.0025/src/diff.c  2022-06-26 17:49:55.000000000 +0100
--- src/diff.c  2022-07-02 15:07:09.622793370 +0100
***************
*** 2643,2648 ****
--- 2643,2662 ----
  }
  
  /*
+  * Return TRUE if "diff" appears in the list of diff blocks of the current tab.
+  */
+     static int
+ valid_diff(diff_T *diff)
+ {
+     diff_T    *dp;
+ 
+     for (dp = curtab->tp_first_diff; dp != NULL; dp = dp->df_next)
+       if (dp == diff)
+           return TRUE;
+     return FALSE;
+ }
+ 
+ /*
   * ":diffget"
   * ":diffput"
   */
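Review bot: valid_diff() shows only that the address is currently in the tab's list, not that it is the same block the caller was holding. If the old block was freed and a new diff_T was allocated at the same address and linked in, the check would pass on a stale pointer. Whether mark_adjust() can cause that is not visible here, so the header comment should state the limit, e.g. `Compares addresses only; a block freed and reallocated at the same address is not detected.` The walk is also linear in the number of diff blocks and runs once per processed block.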
***************
*** 2899,2907 ****
                }
            }
  
-           // Adjust marks.  This will change the following entries!
            if (added != 0)
            {
                mark_adjust(lnum, lnum + count - 1, (long)MAXLNUM, (long)added);
                if (curwin->w_cursor.lnum >= lnum)
                {
--- 2913,2921 ----
                }
            }
  
            if (added != 0)
            {
+               // Adjust marks.  This will change the following entries!
                mark_adjust(lnum, lnum + count - 1, (long)MAXLNUM, (long)added);
                if (curwin->w_cursor.lnum >= lnum)
                {
***************
*** 2923,2929 ****
  #endif
                vim_free(dfree);
            }
!           else
                // mark_adjust() may have changed the count in a wrong way
                dp->df_count[idx_to] = new_count;
  
--- 2937,2949 ----
  #endif
                vim_free(dfree);
            }
! 
!           // mark_adjust() may have made "dp" invalid.  We don't know where
!           // to continue then, bail out.
!           if (added != 0 && !valid_diff(dp))
!               break;
! 
!           if (dfree == NULL)
                // mark_adjust() may have changed the count in a wrong way
                dp->df_count[idx_to] = new_count;
  
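Review bot: The new `break` after `!valid_diff(dp)` leaves any remaining diff blocks unprocessed without a message, and the patch lists only src/diff.c, so nothing exercises the freed-pointer path. A regression test that replays the failing diffput sequence under a memory checker would pin the fix, and a comment such as `// Later blocks are skipped; the command ends early.` would make the partial result explicit. Separately, `if (dfree == NULL)` is now evaluated after `vim_free(dfree)`, so it relies on the freed pointer's value being left unchanged, which the old `else` did not. The `if (dfree != NULL)` block and the enclosing loop start outside this hunk.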
*** ../vim-9.0.0025/src/version.c       2022-07-02 13:43:17.947746835 +0100
--- src/version.c       2022-07-02 15:08:13.678672755 +0100
***************
*** 737,738 ****
--- 737,740 ----
  {   /* Add new patch number below this line */
+ /**/
+     26,
  /**/

-- 
On the other hand, you have different fingers.
                                      -- Steven Wright

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
