diff options
| author | zeertzjq <zeertzjq@outlook.com> | 2024-02-18 18:53:08 +0100 |
|---|---|---|
| committer | Christian Brabandt <cb@256bit.org> | 2024-02-18 18:57:07 +0100 |
| commit | c86bff1771ed9c340f8f4433ae5530fd6de97980 (patch) | |
| tree | e36a2fc5b221480d2b7a0266298159c2232d855e /src | |
| parent | 026b17404aa3b6e01c4ee5f14a174f33c53f4401 (diff) | |
patch 9.1.0115: Using freed memory with full tag stack and user datav9.1.0115
Problem: Using freed memory with full tag stack and user data
(Konstantin Khlebnikov)
Solution: Clear the user data pointer of the newest entry.
(zeertzjq, Konstantin Khlebnikov)
fixes: neovim/neovim#27498
closes: #14053
Co-authored-by: Konstantin Khlebnikov koct9i@gmail.com
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Konstantin Khlebnikov koct9i@gmail.com
Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/tag.c | 2 | ||||
| -rw-r--r-- | src/testdir/test_tagjump.vim | 29 | ||||
| -rw-r--r-- | src/version.c | 2 |
3 files changed, 25 insertions, 8 deletions
@@ -395,7 +395,7 @@ do_tag( tagstack_clear_entry(&tagstack[0]); for (i = 1; i < tagstacklen; ++i) tagstack[i - 1] = tagstack[i]; - --tagstackidx; + tagstack[--tagstackidx].user_data = NULL; } /* diff --git a/src/testdir/test_tagjump.vim b/src/testdir/test_tagjump.vim index 8b85bd62fe..2abf1f6595 100644 --- a/src/testdir/test_tagjump.vim +++ b/src/testdir/test_tagjump.vim @@ -900,18 +900,33 @@ func Test_tag_stack() endfor call writefile(l, 'Xfoo', 'D') - " Jump to a tag when the tag stack is full. Oldest entry should be removed. enew + " Jump to a tag when the tag stack is full. Oldest entry should be removed. for i in range(10, 30) exe "tag var" .. i endfor - let l = gettagstack() - call assert_equal(20, l.length) - call assert_equal('var11', l.items[0].tagname) + let t = gettagstack() + call assert_equal(20, t.length) + call assert_equal('var11', t.items[0].tagname) + let full = deepcopy(t.items) + tag var31 + let t = gettagstack() + call assert_equal('var12', t.items[0].tagname) + call assert_equal('var31', t.items[19].tagname) + + " Jump to a tag when the tag stack is full, but with user data this time. + call foreach(full, {i, item -> extend(item, {'user_data': $'udata{i}'})}) + call settagstack(0, {'items': full}) + let t = gettagstack() + call assert_equal(20, t.length) + call assert_equal('var11', t.items[0].tagname) + call assert_equal('udata0', t.items[0].user_data) tag var31 - let l = gettagstack() - call assert_equal('var12', l.items[0].tagname) - call assert_equal('var31', l.items[19].tagname) + let t = gettagstack() + call assert_equal('var12', t.items[0].tagname) + call assert_equal('udata1', t.items[0].user_data) + call assert_equal('var31', t.items[19].tagname) + call assert_false(has_key(t.items[19], 'user_data')) " Use tnext with a single match call assert_fails('tnext', 'E427:') diff --git a/src/version.c b/src/version.c index bcb1d7c9cc..80cdfbcf3c 100644 --- a/src/version.c +++ b/src/version.c @@ -705,6 +705,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 115, +/**/ 114, /**/ 113, |