From 58e1e010454113a7c8a9b0327c54d2ee7d73d2fd Mon Sep 17 00:00:00 2001
From: zeertzjq <zeertzjq@outlook.com>
Date: Sun, 4 Jun 2023 18:46:28 +0100
Subject: patch 9.0.1606: using freed memory when 'foldcolumn' is set

Problem:    Using freed memory when 'foldcolumn' is set.
Solution:   Save extra pointer to free it later. (closes #12492)
---
 src/drawline.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src/drawline.c')

diff --git a/src/drawline.c b/src/drawline.c
index 2fbfe452cd..848b3ae892 100644
--- a/src/drawline.c
+++ b/src/drawline.c
@@ -150,6 +150,7 @@ typedef struct {
     // saved "extra" items for when draw_state becomes WL_LINE (again)
     int		saved_n_extra;
     char_u	*saved_p_extra;
+    char_u	*saved_p_extra_free;
     int		saved_extra_attr;
     int		saved_n_attr_skip;
     int		saved_extra_for_textprop;
@@ -230,7 +231,7 @@ handle_foldcolumn(win_T *wp, winlinevars_T *wlv)
 	return;
 
     wlv->n_extra = (int)fill_foldcolumn(wlv->p_extra_free,
-	    wp, FALSE, wlv->lnum);
+							 wp, FALSE, wlv->lnum);
     wlv->p_extra_free[wlv->n_extra] = NUL;
     wlv->p_extra = wlv->p_extra_free;
     wlv->c_extra = NUL;
@@ -979,6 +980,9 @@ win_line_start(win_T *wp UNUSED, winlinevars_T *wlv, int save_extra)
 	wlv->draw_state = WL_START;
 	wlv->saved_n_extra = wlv->n_extra;
 	wlv->saved_p_extra = wlv->p_extra;
+	vim_free(wlv->saved_p_extra_free);
+	wlv->saved_p_extra_free = wlv->p_extra_free;
+	wlv->p_extra_free = NULL;
 	wlv->saved_extra_attr = wlv->extra_attr;
 	wlv->saved_n_attr_skip = wlv->n_attr_skip;
 	wlv->saved_extra_for_textprop = wlv->extra_for_textprop;
@@ -1015,6 +1019,9 @@ win_line_continue(winlinevars_T *wlv)
 	wlv->c_extra = wlv->saved_c_extra;
 	wlv->c_final = wlv->saved_c_final;
 	wlv->p_extra = wlv->saved_p_extra;
+	vim_free(wlv->p_extra_free);
+	wlv->p_extra_free = wlv->saved_p_extra_free;
+	wlv->saved_p_extra_free = NULL;
 	wlv->extra_attr = wlv->saved_extra_attr;
 	wlv->n_attr_skip = wlv->saved_n_attr_skip;
 	wlv->extra_for_textprop = wlv->saved_extra_for_textprop;
@@ -4119,5 +4126,6 @@ win_line(
 #endif
 
     vim_free(wlv.p_extra_free);
+    vim_free(wlv.saved_p_extra_free);
     return wlv.row;
 }
-- 
cgit v1.2.3