Patch 9.0.1606
Problem: Using freed memory when 'foldcolumn' is set.
Solution: Save extra pointer to free it later. (closes #12492)
Files: src/drawline.c, src/testdir/test_fold.vim
*** ../vim-9.0.1605/src/drawline.c 2023-06-03 19:44:42.573842760 +0100
--- src/drawline.c 2023-06-04 18:44:44.706639414 +0100
***************
*** 150,155 ****
--- 150,156 ----
// saved "extra" items for when draw_state becomes WL_LINE (again)
int saved_n_extra;
char_u *saved_p_extra;
+ char_u *saved_p_extra_free;
int saved_extra_attr;
int saved_n_attr_skip;
int saved_extra_for_textprop;
***************
*** 230,236 ****
return;
wlv->n_extra = (int)fill_foldcolumn(wlv->p_extra_free,
! wp, FALSE, wlv->lnum);
wlv->p_extra_free[wlv->n_extra] = NUL;
wlv->p_extra = wlv->p_extra_free;
wlv->c_extra = NUL;
--- 231,237 ----
return;
wlv->n_extra = (int)fill_foldcolumn(wlv->p_extra_free,
! wp, FALSE, wlv->lnum);
wlv->p_extra_free[wlv->n_extra] = NUL;
wlv->p_extra = wlv->p_extra_free;
wlv->c_extra = NUL;
***************
*** 979,984 ****
--- 980,988 ----
wlv->draw_state = WL_START;
wlv->saved_n_extra = wlv->n_extra;
wlv->saved_p_extra = wlv->p_extra;
+ vim_free(wlv->saved_p_extra_free);
+ wlv->saved_p_extra_free = wlv->p_extra_free;
+ wlv->p_extra_free = NULL;
wlv->saved_extra_attr = wlv->extra_attr;
wlv->saved_n_attr_skip = wlv->n_attr_skip;
wlv->saved_extra_for_textprop = wlv->extra_for_textprop;
***************
*** 1015,1020 ****
--- 1019,1027 ----
wlv->c_extra = wlv->saved_c_extra;
wlv->c_final = wlv->saved_c_final;
wlv->p_extra = wlv->saved_p_extra;
+ vim_free(wlv->p_extra_free);
+ wlv->p_extra_free = wlv->saved_p_extra_free;
+ wlv->saved_p_extra_free = NULL;
wlv->extra_attr = wlv->saved_extra_attr;
wlv->n_attr_skip = wlv->saved_n_attr_skip;
wlv->extra_for_textprop = wlv->saved_extra_for_textprop;
***************
*** 4119,4123 ****
--- 4126,4131 ----
#endif
vim_free(wlv.p_extra_free);
+ vim_free(wlv.saved_p_extra_free);
return wlv.row;
}
*** ../vim-9.0.1605/src/testdir/test_fold.vim 2023-02-18 20:15:39.693994664
+0000
--- src/testdir/test_fold.vim 2023-06-04 18:39:12.691154215 +0100
***************
*** 1755,1758 ****
--- 1755,1772 ----
call assert_equal(1, line('.'))
endfunc
+ " This was using freed memory
+ func Test_foldcolumn_linebreak_control_char()
+ CheckFeature linebreak
+
+ 5vnew
+ setlocal foldcolumn=1 linebreak
+ call setline(1, "aaa\<C-A>b")
+ redraw
+ call assert_equal([' aaa^', ' Ab '], ScreenLines([1, 2], 5))
+ call assert_equal(screenattr(1, 5), screenattr(2, 2))
+
+ bwipe!
+ endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
*** ../vim-9.0.1605/src/version.c 2023-06-04 18:11:31.998816728 +0100
--- src/version.c 2023-06-04 18:41:23.378943516 +0100
***************
*** 697,698 ****
--- 697,700 ----
{ /* Add new patch number below this line */
+ /**/
+ 1606,
/**/
--
hundred-and-one symptoms of being an internet addict:
115. You are late picking up your kid from school and try to explain
to the teacher you were stuck in Web traffic.
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/vim_dev/20230604174659.2EA731C0C30%40moolenaar.net.
