From 71658f74ae64c366b2d35b82c0a2eadb1317f028 Mon Sep 17 00:00:00 2001 From: Bram Moolenaar Date: Tue, 24 Mar 2020 20:35:19 +0100 Subject: patch 8.2.0442: channel contents might be used after being freed Problem: Channel contents might be used after being freed. Solution: Reset the job channel before freeing the channel. --- src/channel.c | 19 +++++++++---------- src/version.c | 2 ++ 2 files changed, 11 insertions(+), 10 deletions(-) (limited to 'src') diff --git a/src/channel.c b/src/channel.c index 6dde107bf..a57ed9ccf 100644 --- a/src/channel.c +++ b/src/channel.c @@ -396,6 +396,7 @@ channel_can_close(channel_T *channel) /* * Close a channel and free all its resources. + * The "channel" pointer remains valid. */ static void channel_free_contents(channel_T *channel) @@ -405,6 +406,9 @@ channel_free_contents(channel_T *channel) ch_log(channel, "Freeing channel"); } +/* + * Unlink "channel" from the list of channels and free it. + */ static void channel_free_channel(channel_T *channel) { @@ -497,10 +501,8 @@ free_unused_channels(int copyID, int mask) ch_next = ch->ch_next; if (!channel_still_useful(ch) && (ch->ch_copyID & mask) != (copyID & mask)) - { // Free the channel struct itself. channel_free_channel(ch); - } } } @@ -4454,15 +4456,12 @@ channel_parse_messages(void) } if (channel->ch_to_be_freed || channel->ch_killing) { - if (channel->ch_killing) - { - channel_free_contents(channel); - channel_free_channel(channel); + channel_free_contents(channel); + if (channel->ch_job != NULL) channel->ch_job->jv_channel = NULL; - } - else - channel_free(channel); - // channel has been freed, start over + + // free the channel and then start over + channel_free_channel(channel); channel = first_channel; continue; } diff --git a/src/version.c b/src/version.c index 0cf601163..31c5610b9 100644 --- a/src/version.c +++ b/src/version.c @@ -738,6 +738,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 442, /**/ 441, /**/ -- cgit v1.2.1