mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-09-28 14:08:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.0.0047: using freed memory with recursive substitute (#19457)

Browse Source 
Problem:    Using freed memory with recursive substitute.
Solution:   Always make a copy for reg_prev_sub.
32acf1f1a7
This commit is contained in:
zeertzjq
2022-07-21 16:00:45 +08:00
committed by GitHub
parent 1f1863ed54
commit 6a7d00469b
3 changed files with 20 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/nvim/ex_cmds.c
View File

@@ -3644,7 +3644,6 @@ static int do_sub(exarg_T *eap, proftime_T timeout, long cmdpreview_ns, handle_T
assert(sub != NULL);
bool sub_needs_free = false;
char *sub_copy = NULL;
// If the substitute pattern starts with "\=" then it's an expression.
@@ -3656,11 +3655,12 @@ static int do_sub(exarg_T *eap, proftime_T timeout, long cmdpreview_ns, handle_T
sub = xstrdup(sub);
sub_copy = sub;
} else {
char *source = sub;
sub = (char *)regtilde((char_u *)sub, p_magic, cmdpreview);
// When previewing, the new pattern allocated by regtilde() needs to be freed
// in this function because it will not be used or freed by regtilde() later.
sub_needs_free = cmdpreview && sub != source;
char *newsub = (char *)regtilde((char_u *)sub, p_magic, cmdpreview);
if (newsub != sub) {
// newsub was allocated, free it later.
sub_copy = newsub;
sub = newsub;
}
}
bool cmdheight0 = p_ch < 1 && !ui_has(kUIMessages);
@@ -4459,9 +4459,6 @@ skip:
vim_regfree(regmatch.regprog);
xfree(sub_copy);
if (sub_needs_free) {
xfree(sub);
}
// Restore the flag values, they can be used for ":&&".
subflags.do_all = save_do_all;