IntenseFinance/neovim
3
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-02-25 18:55:25 -06:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:8.2.5024: using freed memory with "]d" (#18762)

Browse Source 
Problem:    Using freed memory with "]d".
Solution:   Copy the pattern before searching.
e2fa213cf5
This commit is contained in:
zeertzjq 2022-05-27 05:59:05 +08:00 committed by GitHub
parent 30915cc8b0
commit e2940d3c79
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/nvim/normal.c
View File

@ -4826,6 +4826,8 @@ static void nv_brackets(cmdarg_T *cap)
if ((len = find_ident_under_cursor(&ptr, FIND_IDENT)) == 0) {
clearop(cap->oap);
} else {
// Make a copy, if the line was changed it will be freed.
ptr = vim_strnsave(ptr, len);
find_pattern_in_path(ptr, 0, len, true,
cap->count0 == 0 ? !isupper(cap->nchar) : false,
(((cap->nchar & 0xf) == ('d' & 0xf))
@ -4839,6 +4841,7 @@ static void nv_brackets(cmdarg_T *cap)
? curwin->w_cursor.lnum + 1
: (linenr_T)1),
MAXLNUM);
xfree(ptr);
curwin->w_set_curswant = true;
}
} else if ((cap->cmdchar == '[' && vim_strchr("{(*/#mM", cap->nchar) != NULL)

6
src/nvim/testdir/test_tagjump.vim
View File

@ -1084,6 +1084,12 @@ func Test_define_search()
sil norm o0
sil! norm 
bwipe!
new somefile
call setline(1, ['first line', '', '#define something 0'])
sil norm 0o0
sil! norm ]d
bwipe!
endfunc
" Test for the 'taglength' option