diff options
| author | Bram Moolenaar <Bram@vim.org> | 2022-03-29 13:24:58 +0100 |
|---|---|---|
| committer | Bram Moolenaar <Bram@vim.org> | 2022-03-29 13:24:58 +0100 |
| commit | b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 (patch) | |
| tree | dee7da61584ff2984379de135bad55711d22c09a | |
| parent | fd01280d01c2270a320d8c962d24140a8176a400 (diff) | |
patch 8.2.4646: using buffer line after it has been freedv8.2.4646
Problem: Using buffer line after it has been freed in old regexp engine.
Solution: After getting mark get the line again.
| -rw-r--r-- | src/regexp_bt.c | 9 | ||||
| -rw-r--r-- | src/testdir/test_regexp_latin.vim | 7 | ||||
| -rw-r--r-- | src/version.c | 2 |
3 files changed, 18 insertions, 0 deletions
diff --git a/src/regexp_bt.c b/src/regexp_bt.c index 4082f59d35..793faaf6bc 100644 --- a/src/regexp_bt.c +++ b/src/regexp_bt.c @@ -3360,8 +3360,17 @@ regmatch( int mark = OPERAND(scan)[0]; int cmp = OPERAND(scan)[1]; pos_T *pos; + size_t col = REG_MULTI ? rex.input - rex.line : 0; pos = getmark_buf(rex.reg_buf, mark, FALSE); + + // Line may have been freed, get it again. + if (REG_MULTI) + { + rex.line = reg_getline(rex.lnum); + rex.input = rex.line + col; + } + if (pos == NULL // mark doesn't exist || pos->lnum <= 0) // mark isn't set in reg_buf { diff --git a/src/testdir/test_regexp_latin.vim b/src/testdir/test_regexp_latin.vim index 71915be9ed..fc9c81bfee 100644 --- a/src/testdir/test_regexp_latin.vim +++ b/src/testdir/test_regexp_latin.vim @@ -1042,10 +1042,17 @@ endfunc func Test_using_mark_position() " this was using freed memory + " new engine new norm O0 call assert_fails("s/\\%')", 'E486:') bwipe! + + " old engine + new + norm O0 + call assert_fails("s/\\%#=1\\%')", 'E486:') + bwipe! endfunc func Test_using_visual_position() diff --git a/src/version.c b/src/version.c index 03778bd5ca..14fd1c369c 100644 --- a/src/version.c +++ b/src/version.c @@ -751,6 +751,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 4646, +/**/ 4645, /**/ 4644, |