diff options
| author | Bram Moolenaar <Bram@vim.org> | 2017-06-24 14:48:11 +0200 |
|---|---|---|
| committer | Bram Moolenaar <Bram@vim.org> | 2017-06-24 14:48:11 +0200 |
| commit | 53564f7c1a2998d92568e07fff1f2a4c1cecb646 (patch) | |
| tree | 161f99431749a8300e546b67d7c750f934522a4c | |
| parent | 5fe691240bff11e9618252486147f0156e875666 (diff) | |
| download | vim-git-53564f7c1a2998d92568e07fff1f2a4c1cecb646.tar.gz | |
patch 8.0.0667: memory access error when command follows :endfuncv8.0.0667
Problem: Memory access error when command follows :endfunction. (Nikolai
Pavlov)
Solution: Make memory handling in :function straightforward. (closes #1793)
| -rw-r--r-- | src/testdir/test_vimscript.vim | 10 | ||||
| -rw-r--r-- | src/userfunc.c | 51 | ||||
| -rw-r--r-- | src/version.c | 2 |
3 files changed, 42 insertions, 21 deletions
diff --git a/src/testdir/test_vimscript.vim b/src/testdir/test_vimscript.vim index 13b32cdd4..29394c990 100644 --- a/src/testdir/test_vimscript.vim +++ b/src/testdir/test_vimscript.vim @@ -1379,6 +1379,11 @@ func Test_endfunction_trailing() delfunc Xtest unlet done + " trailing line break + exe "func Xtest()\necho 'hello'\nendfunc\n" + call assert_true(exists('*Xtest')) + delfunc Xtest + set verbose=1 exe "func Xtest()\necho 'hello'\nendfunc \" garbage" call assert_notmatch('W22:', split(execute('1messages'), "\n")[0]) @@ -1390,6 +1395,11 @@ func Test_endfunction_trailing() call assert_true(exists('*Xtest')) delfunc Xtest set verbose=0 + + function Foo() + echo 'hello' + endfunction | echo 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' + delfunc Foo endfunc func Test_delfunction_force() diff --git a/src/userfunc.c b/src/userfunc.c index dfd7fcc24..e18768455 100644 --- a/src/userfunc.c +++ b/src/userfunc.c @@ -1780,6 +1780,7 @@ theend: ex_function(exarg_T *eap) { char_u *theline; + char_u *line_to_free = NULL; int j; int c; int saved_did_emsg; @@ -2093,10 +2094,15 @@ ex_function(exarg_T *eap) line_arg = p + 1; } } - else if (eap->getline == NULL) - theline = getcmdline(':', 0L, indent); else - theline = eap->getline(':', eap->cookie, indent); + { + vim_free(line_to_free); + if (eap->getline == NULL) + theline = getcmdline(':', 0L, indent); + else + theline = eap->getline(':', eap->cookie, indent); + line_to_free = theline; + } if (KeyTyped) lines_left = Rows - 1; if (theline == NULL) @@ -2130,18 +2136,29 @@ ex_function(exarg_T *eap) /* Check for "endfunction". */ if (checkforcmd(&p, "endfunction", 4) && nesting-- == 0) { + char_u *nextcmd = NULL; + if (*p == '|') - /* Another command follows. */ - eap->nextcmd = vim_strsave(p + 1); + nextcmd = p + 1; else if (line_arg != NULL && *skipwhite(line_arg) != NUL) - /* Another command follows. */ - eap->nextcmd = line_arg; + nextcmd = line_arg; else if (*p != NUL && *p != '"' && p_verbose > 0) give_warning2( (char_u *)_("W22: Text found after :endfunction: %s"), p, TRUE); - if (line_arg == NULL) - vim_free(theline); + if (nextcmd != NULL) + { + /* Another command follows. If the line came from "eap" we + * can simply point into it, otherwise we need to change + * "eap->cmdlinep". */ + eap->nextcmd = nextcmd; + if (line_to_free != NULL) + { + vim_free(*eap->cmdlinep); + *eap->cmdlinep = line_to_free; + line_to_free = NULL; + } + } break; } @@ -2212,24 +2229,15 @@ ex_function(exarg_T *eap) /* Add the line to the function. */ if (ga_grow(&newlines, 1 + sourcing_lnum_off) == FAIL) - { - if (line_arg == NULL) - vim_free(theline); goto erret; - } /* Copy the line to newly allocated memory. get_one_sourceline() * allocates 250 bytes per line, this saves 80% on average. The cost * is an extra alloc/free. */ p = vim_strsave(theline); - if (p != NULL) - { - if (line_arg == NULL) - vim_free(theline); - theline = p; - } - - ((char_u **)(newlines.ga_data))[newlines.ga_len++] = theline; + if (p == NULL) + goto erret; + ((char_u **)(newlines.ga_data))[newlines.ga_len++] = p; /* Add NULL lines for continuation lines, so that the line count is * equal to the index in the growarray. */ @@ -2428,6 +2436,7 @@ errret_2: ga_clear_strings(&newlines); ret_free: vim_free(skip_until); + vim_free(line_to_free); vim_free(fudi.fd_newkey); vim_free(name); did_emsg |= saved_did_emsg; diff --git a/src/version.c b/src/version.c index 52ed10265..daa3531c1 100644 --- a/src/version.c +++ b/src/version.c @@ -765,6 +765,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 667, +/**/ 666, /**/ 665, |