To: vim_dev@googlegroups.com Subject: Patch 8.1.2018 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.1.2018 Problem: Using freed memory when out of memory and displaying message. Solution: Make a copy of the message first. Files: src/main.c, src/message.c, src/normal.c *** ../vim-8.1.2017/src/main.c 2019-08-17 16:33:19.868881645 +0200 --- src/main.c 2019-09-09 19:31:34.676932018 +0200 *************** *** 1276,1291 **** /* display message after redraw */ if (keep_msg != NULL) { ! char_u *p; ! // msg_attr_keep() will set keep_msg to NULL, must free the ! // string here. Don't reset keep_msg, msg_attr_keep() uses it ! // to check for duplicates. Never put this message in history. ! p = keep_msg; ! msg_hist_off = TRUE; ! msg_attr((char *)p, keep_msg_attr); ! msg_hist_off = FALSE; ! vim_free(p); } if (need_fileinfo) /* show file info after redraw */ { --- 1276,1294 ---- /* display message after redraw */ if (keep_msg != NULL) { ! char_u *p = vim_strsave(keep_msg); ! if (p != NULL) ! { ! // msg_start() will set keep_msg to NULL, make a copy ! // first. Don't reset keep_msg, msg_attr_keep() uses it to ! // check for duplicates. Never put this message in ! // history. ! msg_hist_off = TRUE; ! msg_attr((char *)p, keep_msg_attr); ! msg_hist_off = FALSE; ! vim_free(p); ! } } if (need_fileinfo) /* show file info after redraw */ { *** ../vim-8.1.2017/src/message.c 2019-09-04 15:54:23.916359692 +0200 --- src/message.c 2019-09-09 19:33:11.244439209 +0200 *************** *** 168,178 **** ch_log(NULL, "ERROR: %s", (char *)s); #endif - /* When displaying keep_msg, don't let msg_start() free it, caller must do - * that. */ - if ((char_u *)s == keep_msg) - keep_msg = NULL; - /* Truncate the message if needed. 
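Review bot: The copy made by `char_u *p = vim_strsave(keep_msg);` protects only this call site. The same patch removes the `(char_u *)s == keep_msg` guard from src/message.c, so any remaining caller that passes `keep_msg` itself to `msg()` or `msg_attr()` would have the string freed by msg_start() while it is still being displayed. Only main.c and normal.c are converted here; whether other such callers exist is not visible in this patch, so the tree should be searched for them before this lands. The new comment says msg_start() will "set keep_msg to NULL", but the hazard is the free, so I would word it as `// msg_start() will free keep_msg, display a copy instead.` and add that the message is skipped on purpose when the allocation fails. The enclosing function starts and ends outside the hunk.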
*/ msg_start(); buf = msg_strtrunc((char_u *)s, FALSE); --- 168,173 ---- *** ../vim-8.1.2017/src/normal.c 2019-09-05 21:28:58.495157310 +0200 --- src/normal.c 2019-09-09 19:36:34.123444947 +0200 *************** *** 1182,1193 **** kmsg = keep_msg; keep_msg = NULL; ! /* showmode() will clear keep_msg, but we want to use it anyway */ update_screen(0); ! /* now reset it, otherwise it's put in the history again */ keep_msg = kmsg; ! msg_attr((char *)kmsg, keep_msg_attr); ! vim_free(kmsg); } setcursor(); cursor_on(); --- 1182,1198 ---- kmsg = keep_msg; keep_msg = NULL; ! // showmode() will clear keep_msg, but we want to use it anyway update_screen(0); ! // now reset it, otherwise it's put in the history again keep_msg = kmsg; ! ! kmsg = vim_strsave(keep_msg); ! if (kmsg != NULL) ! { ! msg_attr((char *)kmsg, keep_msg_attr); ! vim_free(kmsg); ! } } setcursor(); cursor_on(); *** ../vim-8.1.2017/src/version.c 2019-09-09 18:35:28.119252725 +0200 --- src/version.c 2019-09-09 20:03:42.954382908 +0200 *************** *** 759,760 **** --- 759,762 ---- { /* Add new patch number below this line */ + /**/ + 2018, /**/ -- hundred-and-one symptoms of being an internet addict: 230. You spend your Friday nights typing away at your keyboard /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
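Review bot: In the src/normal.c hunk, `kmsg = vim_strsave(keep_msg);` reuses `kmsg` in a second role without a comment. Up to `keep_msg = kmsg;` it aliases the buffer owned by `keep_msg`; afterwards it is a private copy that this block must free. Unlike the src/main.c hunk, nothing here says why the copy is made, so a later cleanup could fold the two uses back together and reintroduce the read of freed memory. I would add `// msg_start() will free keep_msg, display a copy instead` above the `vim_strsave()` call, or hold the copy in a separate local. The enclosing block starts and ends outside the hunk.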