IntenseFinance/neovim
3
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-02-25 18:55:25 -06:00
Code Issues Packages Projects Releases Wiki Activity

syntax.c: Prevent use after free for variable g:colors_name.

Browse Source 
ASan spotted a problem when using 'set background={light,dark}' with
color scheme solarized.
While loading the colors for color scheme 'g:colors_name', the pointer
on the value for this variable can become invalid, because of an 'unlet
colors_name' (part of an :highlight clear, syntax.c:6173).

To prevent the use of the freed value, decouple the value from
'g:colors_name' before calling load_colors() with it.
This commit is contained in:
oni-link 2015-03-12 14:05:16 +01:00 committed by Justin M. Keyes
parent bdbbdb5888
commit a916696a13
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/nvim/syntax.c
View File

@ -5938,15 +5938,22 @@ init_highlight (
int i; int i;
char **pp; char **pp;
static int had_both = FALSE; static int had_both = FALSE;
char_u *p;
/* /*
* Try finding the color scheme file. Used when a color file was loaded * Try finding the color scheme file. Used when a color file was loaded
* and 'background' or 't_Co' is changed. * and 'background' or 't_Co' is changed.
*/ */
p = get_var_value((char_u *)"g:colors_name"); char_u *p = get_var_value((char_u *)"g:colors_name");
if (p != NULL && load_colors(p) == OK) if (p != NULL) {
return; // Value of g:colors_name could be freed in load_colors() and make
// p invalid, so copy it.
char_u *copy_p = vim_strsave(p);
bool okay = load_colors(copy_p);
free(copy_p);
if (okay) {
return;
}
}
/* /*
* Didn't use a color file, use the compiled-in colors. * Didn't use a color file, use the compiled-in colors.