IntenseFinance/neovim
3
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-02-25 18:55:25 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix warnings: undo.c: u_blockfree(): Use after free: FP.

Browse Source 
Problem    : Use-after-free @ 2686.
Diagnostic : False positive.
Rationale  : Suggested error path is taking false branch
             `uhp->uh_next.ptr != NULL` @ 2506, which cannot happen when
             `uhp == buf->b_u_oldhead`.
Resolution : Assert `buf->b_u_oldhead` is changed after freeing old one.
This commit is contained in:
Eliseo Martínez 2014-11-14 09:17:16 +01:00
parent fcd5a8643c
commit 4a8af9cc99
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/nvim/undo.c
View File

@ -80,6 +80,7 @@
#define UH_MAGIC 0x18dade /* value for uh_magic when in use */ #define UH_MAGIC 0x18dade /* value for uh_magic when in use */
#define UE_MAGIC 0xabc123 /* value for ue_magic when in use */ #define UE_MAGIC 0xabc123 /* value for ue_magic when in use */
#include <assert.h>
#include <inttypes.h> #include <inttypes.h>
#include <errno.h> #include <errno.h>
#include <stdbool.h> #include <stdbool.h>
@ -2682,8 +2683,11 @@ void u_undoline(void)
*/ */
void u_blockfree(buf_T *buf) void u_blockfree(buf_T *buf)
{ {
while (buf->b_u_oldhead != NULL) while (buf->b_u_oldhead != NULL) {
u_header_T *previous_oldhead = buf->b_u_oldhead;
u_freeheader(buf, buf->b_u_oldhead, NULL); u_freeheader(buf, buf->b_u_oldhead, NULL);
assert(buf->b_u_oldhead != previous_oldhead);
}
free(buf->b_u_line_ptr); free(buf->b_u_line_ptr);
} }