diff options
author | Bram Moolenaar <Bram@vim.org> | 2019-09-09 20:04:13 +0200 |
---|---|---|
committer | Bram Moolenaar <Bram@vim.org> | 2019-09-09 20:04:13 +0200 |
commit | e5fbd7393067c279860598ac8359d1617b1082b9 (patch) | |
tree | 2b7d0d632f24b3659717bccf8c4d9e70f2c1f95b | |
parent | 96e38a86a710fb6daec4550ac1667f019dc3a40e (diff) | |
download | vim-git-e5fbd7393067c279860598ac8359d1617b1082b9.tar.gz |
patch 8.1.2018: using freed memory when out of memory and displaying messagev8.1.2018
Problem: Using freed memory when out of memory and displaying message.
Solution: Make a copy of the message first.
-rw-r--r-- | src/main.c | 23 | ||||
-rw-r--r-- | src/message.c | 5 | ||||
-rw-r--r-- | src/normal.c | 13 | ||||
-rw-r--r-- | src/version.c | 2 |
4 files changed, 24 insertions, 19 deletions
diff --git a/src/main.c b/src/main.c index 1eb49117d..6fe581ce7 100644 --- a/src/main.c +++ b/src/main.c @@ -1276,16 +1276,19 @@ main_loop( /* display message after redraw */ if (keep_msg != NULL) { - char_u *p; - - // msg_attr_keep() will set keep_msg to NULL, must free the - // string here. Don't reset keep_msg, msg_attr_keep() uses it - // to check for duplicates. Never put this message in history. - p = keep_msg; - msg_hist_off = TRUE; - msg_attr((char *)p, keep_msg_attr); - msg_hist_off = FALSE; - vim_free(p); + char_u *p = vim_strsave(keep_msg); + + if (p != NULL) + { + // msg_start() will set keep_msg to NULL, make a copy + // first. Don't reset keep_msg, msg_attr_keep() uses it to + // check for duplicates. Never put this message in + // history. + msg_hist_off = TRUE; + msg_attr((char *)p, keep_msg_attr); + msg_hist_off = FALSE; + vim_free(p); + } } if (need_fileinfo) /* show file info after redraw */ { diff --git a/src/message.c b/src/message.c index b5aff8476..7810c5be1 100644 --- a/src/message.c +++ b/src/message.c @@ -168,11 +168,6 @@ msg_attr_keep( ch_log(NULL, "ERROR: %s", (char *)s); #endif - /* When displaying keep_msg, don't let msg_start() free it, caller must do - * that. */ - if ((char_u *)s == keep_msg) - keep_msg = NULL; - /* Truncate the message if needed. */ msg_start(); buf = msg_strtrunc((char_u *)s, FALSE); diff --git a/src/normal.c b/src/normal.c index 7abd3fc99..d169f260a 100644 --- a/src/normal.c +++ b/src/normal.c @@ -1182,12 +1182,17 @@ getcount: kmsg = keep_msg; keep_msg = NULL; - /* showmode() will clear keep_msg, but we want to use it anyway */ + // showmode() will clear keep_msg, but we want to use it anyway update_screen(0); - /* now reset it, otherwise it's put in the history again */ + // now reset it, otherwise it's put in the history again keep_msg = kmsg; - msg_attr((char *)kmsg, keep_msg_attr); - vim_free(kmsg); + + kmsg = vim_strsave(keep_msg); + if (kmsg != NULL) + { + msg_attr((char *)kmsg, keep_msg_attr); + vim_free(kmsg); + } } setcursor(); cursor_on(); diff --git a/src/version.c b/src/version.c index c6f60af27..316136006 100644 --- a/src/version.c +++ b/src/version.c @@ -758,6 +758,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 2018, +/**/ 2017, /**/ 2016, |