Patch 9.0.0873
Problem: Using freed memory when executing mapclear at the more prompt.
Solution: Do not clear mappings while listing them. (closes #11438)
Files: src/map.c, src/errors.h, src/testdir/test_mapping.vim
*** ../vim-9.0.0872/src/map.c 2022-10-19 13:06:58.032690097 +0100
--- src/map.c 2022-11-13 20:35:45.056167460 +0000
***************
*** 24,29 ****
--- 24,33 ----
static mapblock_T *(maphash[256]);
static int maphash_valid = FALSE;
+ // When non-zero then no mappings can be added or removed. Prevents mappings
+ // to change while listing them.
+ static int map_locked = 0;
+
/*
* Make a hash value for a mapping.
* "mode" is the lower 4 bits of the State for the mapping.
***************
*** 150,160 ****
if (message_filtered(mp->m_keys) && message_filtered(mp->m_str))
return;
if (msg_didout || msg_silent != 0)
{
msg_putchar('\n');
if (got_int) // 'q' typed at MORE prompt
! return;
}
mapchars = map_mode_to_chars(mp->m_mode);
--- 154,168 ----
if (message_filtered(mp->m_keys) && message_filtered(mp->m_str))
return;
+ // Prevent mappings to be cleared while at the more prompt.
+ // Must jump to "theend" instead of returning.
+ ++map_locked;
+
if (msg_didout || msg_silent != 0)
{
msg_putchar('\n');
if (got_int) // 'q' typed at MORE prompt
! goto theend;
}
mapchars = map_mode_to_chars(mp->m_mode);
***************
*** 200,205 ****
--- 208,216 ----
#endif
msg_clr_eos();
out_flush(); // show one line at a time
+
+ theend:
+ --map_locked;
}
static int
***************
*** 298,303 ****
--- 309,317 ----
int mode,
int *did_local)
{
+ // Prevent mappings to be cleared while at the more prompt.
+ ++map_locked;
+
if (p_verbose > 0 && keyround == 1 && seenModifyOtherKeys)
msg_puts(_("Seen modifyOtherKeys: true"));
***************
*** 337,342 ****
--- 351,358 ----
}
}
}
+
+ --map_locked;
}
/*
***************
*** 955,960 ****
--- 971,991 ----
}
/*
+ * If "map_locked" is set then give an error and return TRUE.
+ * Otherwise return FALSE.
+ */
+ static int
+ is_map_locked(void)
+ {
+ if (map_locked > 0)
+ {
+ emsg(_(e_cannot_change_mappings_while_listing));
+ return TRUE;
+ }
+ return FALSE;
+ }
+
+ /*
* Clear all mappings in "mode".
*/
void
***************
*** 968,973 ****
--- 999,1007 ----
int hash;
int new_hash;
+ if (is_map_locked())
+ return;
+
validate_maphash();
for (hash = 0; hash < 256; ++hash)
*** ../vim-9.0.0872/src/errors.h 2022-11-02 13:30:37.530314524 +0000
--- src/errors.h 2022-11-13 20:30:13.351780114 +0000
***************
*** 3333,3335 ****
--- 3333,3337 ----
EXTERN char e_cannot_resize_window_in_another_tab_page[]
INIT(= N_("E1308: Cannot resize a window in another tab page"));
#endif
+ EXTERN char e_cannot_change_mappings_while_listing[]
+ INIT(= N_("E1309: Cannot change mappings while listing"));
*** ../vim-9.0.0872/src/testdir/test_mapping.vim 2022-11-01
11:44:12.690558580 +0000
--- src/testdir/test_mapping.vim 2022-11-13 20:40:32.884322645 +0000
***************
*** 1774,1778 ****
--- 1774,1802 ----
nunmap :00
endfunc
+ func Test_mapclear_while_listing()
+ CheckRunVimInTerminal
+
+ let lines =<< trim END
+ set nocompatible
+ mapclear
+ for i in range(1, 999)
+ exe 'map ' .. 'foo' .. i .. ' bar'
+ endfor
+ au CmdlineLeave : call timer_start(0, {-> execute('mapclear')})
+ END
+ call writefile(lines, 'Xmapclear', 'D')
+ let buf = RunVimInTerminal('-S Xmapclear', {'rows': 10})
+
+ " this was using freed memory
+ call term_sendkeys(buf, ":map\<CR>")
+ call TermWait(buf, 50)
+ call term_sendkeys(buf, "G")
+ call TermWait(buf, 50)
+ call term_sendkeys(buf, "\<CR>")
+
+ call StopVimInTerminal(buf)
+ endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
*** ../vim-9.0.0872/src/version.c 2022-11-13 18:11:13.779781164 +0000
--- src/version.c 2022-11-13 20:20:15.218877495 +0000
***************
*** 697,698 ****
--- 697,700 ----
{ /* Add new patch number below this line */
+ /**/
+ 873,
/**/
--
hundred-and-one symptoms of being an internet addict:
56. You leave the modem speaker on after connecting because you think it
sounds like the ocean wind...the perfect soundtrack for "surfing the net".
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/vim_dev/20221113204347.09E901C0473%40moolenaar.net.
