From 4614f53e0f853b513963d1a639398348a571ecf1 Mon Sep 17 00:00:00 2001 From: Bram Moolenaar Date: Sun, 6 Jan 2019 12:54:55 +0100 Subject: [PATCH] patch 8.1.0694: when using text props may free memory that is not allocated Problem: When using text props may free memory that is not allocated. (Andy Massimino) Solution: Allocate the line when adjusting text props. (closes #3766) --- src/textprop.c | 13 ++++++++++--- src/version.c | 2 ++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/textprop.c b/src/textprop.c index 7bc10e080b..8b7d3f15ed 100644 --- a/src/textprop.c +++ b/src/textprop.c @@ -979,7 +979,9 @@ adjust_prop_columns( pt = text_prop_type_by_id(curbuf, tmp_prop.tp_type); if (bytes_added > 0 - ? (tmp_prop.tp_col >= col + (pt != NULL && (pt->pt_flags & PT_FLAG_INS_START_INCL) ? 2 : 1)) + ? (tmp_prop.tp_col >= col + + (pt != NULL && (pt->pt_flags & PT_FLAG_INS_START_INCL) + ? 2 : 1)) : (tmp_prop.tp_col > col + 1)) { tmp_prop.tp_col += bytes_added; @@ -987,7 +989,7 @@ adjust_prop_columns( } else if (tmp_prop.tp_len > 0 && tmp_prop.tp_col + tmp_prop.tp_len > col - + ((pt != NULL && (pt->pt_flags & PT_FLAG_INS_END_INCL)) + + ((pt != NULL && (pt->pt_flags & PT_FLAG_INS_END_INCL)) ? 0 : 1)) { tmp_prop.tp_len += bytes_added; @@ -1001,8 +1003,13 @@ adjust_prop_columns( } if (dirty) { + colnr_T newlen = (int)textlen + wi * (colnr_T)sizeof(textprop_T); + + if ((curbuf->b_ml.ml_flags & ML_LINE_DIRTY) == 0) + curbuf->b_ml.ml_line_ptr = + vim_memsave(curbuf->b_ml.ml_line_ptr, newlen); curbuf->b_ml.ml_flags |= ML_LINE_DIRTY; - curbuf->b_ml.ml_line_len = (int)textlen + wi * sizeof(textprop_T); + curbuf->b_ml.ml_line_len = newlen; } } diff --git a/src/version.c b/src/version.c index 7d3a5f619b..3450325e78 100644 --- a/src/version.c +++ b/src/version.c @@ -799,6 +799,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 694, /**/ 693, /**/