mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-10-12 21:06:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:8.2.4646: using buffer line after it has been freed (#17907)

Browse Source 
Problem:    Using buffer line after it has been freed in old regexp engine.
Solution:   After getting mark get the line again.
b55986c52d
This commit is contained in:
zeertzjq
2022-03-30 07:44:12 +08:00
committed by GitHub
parent e7ac16425c
commit 2f37823703
2 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/nvim/regexp_bt.c
View File

@@ -3131,8 +3131,16 @@ static bool regmatch(
int mark = OPERAND(scan)[0]; int mark = OPERAND(scan)[0];
int cmp = OPERAND(scan)[1]; int cmp = OPERAND(scan)[1];
pos_T *pos; pos_T *pos;
size_t col = REG_MULTI ? rex.input - rex.line : 0;
pos = getmark_buf(rex.reg_buf, mark, false); pos = getmark_buf(rex.reg_buf, mark, false);
// Line may have been freed, get it again.
if (REG_MULTI) {
rex.line = reg_getline(rex.lnum);
rex.input = rex.line + col;
}
if (pos == NULL // mark doesn't exist if (pos == NULL // mark doesn't exist
|| pos->lnum <= 0) { // mark isn't set in reg_buf || pos->lnum <= 0) { // mark isn't set in reg_buf
status = RA_NOMATCH; status = RA_NOMATCH;

7
src/nvim/testdir/test_regexp_latin.vim
View File

@@ -789,10 +789,17 @@ endfunc
func Test_using_mark_position() func Test_using_mark_position()
" this was using freed memory " this was using freed memory
" new engine
new new
norm O0 norm O0
call assert_fails("s/\\%')", 'E486:') call assert_fails("s/\\%')", 'E486:')
bwipe! bwipe!
" old engine
new
norm O0
call assert_fails("s/\\%#=1\\%')", 'E486:')
bwipe!
endfunc endfunc
func Test_using_visual_position() func Test_using_visual_position()