Permalink
Browse files

patch 8.0.0078

Problem:    Accessing freed memory in quickfix.
Solution:   Reset pointer when freeing 'errorformat'. (Domenique Pelle)
  • Loading branch information...
1 parent e3505df commit 63bed3d319b5d90765dbdae93a3579b6322d79fb @brammool brammool committed Nov 12, 2016
Showing with 15 additions and 1 deletion.
  1. +3 −1 src/quickfix.c
  2. +10 −0 src/testdir/test_quickfix.vim
  3. +2 −0 src/version.c
View
@@ -114,6 +114,8 @@ struct efm_S
int conthere; /* %> used */
};
+static efm_T *fmt_start = NULL; /* cached across qf_parse_line() calls */
+
static int qf_init_ext(qf_info_T *qi, char_u *efile, buf_T *buf, typval_T *tv, char_u *errorformat, int newlist, linenr_T lnumfirst, linenr_T lnumlast, char_u *qf_title);
static void qf_store_title(qf_info_T *qi, char_u *title);
static void qf_new_list(qf_info_T *qi, char_u *qf_title);
@@ -389,6 +391,7 @@ free_efm_list(efm_T **efm_first)
vim_regfree(efm_ptr->prog);
vim_free(efm_ptr);
}
+ fmt_start = NULL;
}
/* Parse 'errorformat' option */
@@ -786,7 +789,6 @@ qf_parse_line(
qffields_T *fields)
{
efm_T *fmt_ptr;
- static efm_T *fmt_start = NULL; /* cached across calls */
char_u *ptr;
int len;
int i;
@@ -1648,3 +1648,13 @@ function! Test_Autocmd_Exception()
set efm&vim
endfunction
+
+function Test_caddbuffer()
+ " This used to cause a memory access in freed memory
+ let save_efm = &efm
+ set efm=%EEEE%m,%WWWW,%+CCCC%>%#,%GGGG%.#
+ cgetexpr ['WWWW', 'EEEE', 'CCCC']
+ let &efm = save_efm
+ cad
+ bwipe!
+endfunc
View
@@ -765,6 +765,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 78,
+/**/
77,
/**/
76,

0 comments on commit 63bed3d

Please sign in to comment.