patch 8.2.5024: using freed memory with "]d"
Problem: Using freed memory with "]d". Solution: Copy the pattern before searching.
		| @ -4464,6 +4464,11 @@ nv_brackets(cmdarg_T *cap) | ||||
| 	    clearop(cap->oap); | ||||
| 	else | ||||
| 	{ | ||||
| 	    // Make a copy, if the line was changed it will be freed. | ||||
| 	    ptr = vim_strnsave(ptr, len); | ||||
| 	    if (ptr == NULL) | ||||
| 		return; | ||||
|  | ||||
| 	    find_pattern_in_path(ptr, 0, len, TRUE, | ||||
| 		cap->count0 == 0 ? !isupper(cap->nchar) : FALSE, | ||||
| 		((cap->nchar & 0xf) == ('d' & 0xf)) ?  FIND_DEFINE : FIND_ANY, | ||||
| @ -4472,6 +4477,7 @@ nv_brackets(cmdarg_T *cap) | ||||
| 			    islower(cap->nchar) ? ACTION_SHOW : ACTION_GOTO, | ||||
| 		cap->cmdchar == ']' ? curwin->w_cursor.lnum + 1 : (linenr_T)1, | ||||
| 		(linenr_T)MAXLNUM); | ||||
| 	    vim_free(ptr); | ||||
| 	    curwin->w_set_curswant = TRUE; | ||||
| 	} | ||||
|     } | ||||
|  | ||||
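Review bot: The out-of-memory path added after `vim_strnsave()` returns without calling `clearop(cap->oap)`, whereas the sibling branch directly above clears the pending operator when no identifier is found. If a pending operator can reach this point, `if (ptr == NULL) { clearop(cap->oap); return; }` would leave both failure paths in the same state. This is inferred from the visible branch only, because nv_brackets starts and ends outside the hunk. The copy itself is released by `vim_free(ptr)` only after `find_pattern_in_path()` returns, which is the right lifetime for the fix.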
| @ -1399,6 +1399,12 @@ func Test_define_search() | ||||
|   sil norm o0 | ||||
|   sil! norm  | ||||
|   bwipe! | ||||
|  | ||||
|   new somefile | ||||
|   call setline(1, ['first line', '', '#define something 0']) | ||||
|   sil norm 0o0 | ||||
|   sil! norm ]d | ||||
|   bwipe! | ||||
| endfunc | ||||
|  | ||||
| " Test for [*, [/, ]* and ]/ | ||||
|  | ||||
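Review bot: The new `]d` case at the end of Test_define_search has no assertion and runs the command with `sil!`, so it passes whenever Vim does not crash. A read of freed memory that does not fault would presumably be caught only when the suite runs under a memory checker such as ASan or Valgrind, and whether it does is not visible here. A one-line comment above `new somefile`, for example `" this was using freed memory for the pattern`, would record what the case guards against. The function body begins outside the hunk.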
| @ -734,6 +734,8 @@ static char *(features[]) = | ||||
|  | ||||
| static int included_patches[] = | ||||
| {   /* Add new patch number below this line */ | ||||
| /**/ | ||||
|     5024, | ||||
| /**/ | ||||
|     5023, | ||||
| /**/ | ||||
|  | ||||