diff options
author | Bram Moolenaar <Bram@vim.org> | 2022-09-17 19:43:23 +0100 |
---|---|---|
committer | Bram Moolenaar <Bram@vim.org> | 2022-09-17 19:43:23 +0100 |
commit | 1c3dd8ddcba63c1af5112e567215b3cec2de11d0 (patch) | |
tree | af01369780ad70339d079d0a9297d3dfe2b037b6 | |
parent | fb593c5350e8fe23b608ded5a011cd7eefe73922 (diff) |
patch 9.0.0490: using freed memory with cmdwin and BufEnter autocmdv9.0.0490
Problem: Using freed memory with cmdwin and BufEnter autocmd.
Solution: Make sure pointer to b_p_iminsert is still valid.
-rw-r--r-- | src/ex_getln.c | 8 | ||||
-rw-r--r-- | src/testdir/test_cmdwin.vim | 10 | ||||
-rw-r--r-- | src/version.c | 2 |
3 files changed, 18 insertions, 2 deletions
diff --git a/src/ex_getln.c b/src/ex_getln.c index 70436b31f0..a4fb61145c 100644 --- a/src/ex_getln.c +++ b/src/ex_getln.c @@ -1587,6 +1587,7 @@ getcmdline_int( #endif expand_T xpc; long *b_im_ptr = NULL; + buf_T *b_im_ptr_buf = NULL; // buffer where b_im_ptr is valid cmdline_info_T save_ccline; int did_save_ccline = FALSE; int cmdline_type; @@ -1683,6 +1684,7 @@ getcmdline_int( b_im_ptr = &curbuf->b_p_iminsert; else b_im_ptr = &curbuf->b_p_imsearch; + b_im_ptr_buf = curbuf; if (*b_im_ptr == B_IMODE_LMAP) State |= MODE_LANGMAP; #ifdef HAVE_INPUT_METHOD @@ -2034,7 +2036,8 @@ getcmdline_int( goto cmdline_not_changed; case Ctrl_HAT: - cmdline_toggle_langmap(b_im_ptr); + cmdline_toggle_langmap( + buf_valid(b_im_ptr_buf) ? b_im_ptr : NULL); goto cmdline_not_changed; // case '@': only in very old vi @@ -2544,7 +2547,8 @@ returncmd: #endif #ifdef HAVE_INPUT_METHOD - if (b_im_ptr != NULL && *b_im_ptr != B_IMODE_LMAP) + if (b_im_ptr != NULL && buf_valid(b_im_ptr_buf) + && *b_im_ptr != B_IMODE_LMAP) im_save_status(b_im_ptr); im_set_active(FALSE); #endif diff --git a/src/testdir/test_cmdwin.vim b/src/testdir/test_cmdwin.vim index d62673aba2..fe849bcc16 100644 --- a/src/testdir/test_cmdwin.vim +++ b/src/testdir/test_cmdwin.vim @@ -378,5 +378,15 @@ func Test_normal_escape() call assert_equal('" bar', @:) endfunc +" This was using a pointer to a freed buffer +func Test_cmdwin_freed_buffer_ptr() + au BufEnter * next 0| file + edit 0 + silent! norm q/ + + au! BufEnter + bwipe! +endfunc + " vim: shiftwidth=2 sts=2 expandtab diff --git a/src/version.c b/src/version.c index f4c5fb4a89..7d7ac1654e 100644 --- a/src/version.c +++ b/src/version.c @@ -704,6 +704,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 490, +/**/ 489, /**/ 488, |