vim-patch:8.1.0738: using freed memory, for loop over blob leaks memory

Problem:    Using freed memory, for loop over blob leaks memory.
Solution:   Clear pointer after freeing memory.  Decrement reference count
            after for loop over blob.
ecc8bc482b
Sean Dewar
2020-11-24 20:55:04 +00:00
parent de9df825d5
commit 7200454ee6


@@ -2603,6 +2603,8 @@ void *eval_for_line(const char_u *arg, bool *errp, char_u **nextcmdp, int skip)
if (b == NULL) { if (b == NULL) {
tv_clear(&tv); tv_clear(&tv);
} else { } else {
// No need to increment the refcount, it's already set for
// the blob being used in "tv".
fi->fi_blob = b; fi->fi_blob = b;
fi->fi_bi = 0; fi->fi_bi = 0;
} }
@@ -2666,6 +2668,9 @@ void free_for_info(void *fi_void)
tv_list_watch_remove(fi->fi_list, &fi->fi_lw); tv_list_watch_remove(fi->fi_list, &fi->fi_lw);
tv_list_unref(fi->fi_list); tv_list_unref(fi->fi_list);
} }
if (fi != NULL && fi->fi_blob != NULL) {
tv_blob_unref(fi->fi_blob);
}
xfree(fi); xfree(fi);
} }
@@ -4072,9 +4077,12 @@ static int eval7(
char_u *bp; char_u *bp;
for (bp = *arg + 2; ascii_isxdigit(bp[0]); bp += 2) { for (bp = *arg + 2; ascii_isxdigit(bp[0]); bp += 2) {
if (!ascii_isxdigit(bp[1])) { if (!ascii_isxdigit(bp[1])) {
EMSG(_("E973: Blob literal should have an even number of hex " if (blob != NULL) {
"characters")); EMSG(_("E973: Blob literal should have an even number of hex "
xfree(blob); "characters"));
ga_clear(&blob->bv_ga);
XFREE_CLEAR(blob);
}
ret = FAIL; ret = FAIL;
break; break;
} }
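Review bot: In the E973 error path of eval7, `ga_clear(&blob->bv_ga); XFREE_CLEAR(blob);` tears the blob down by hand without consulting its reference count, which is only safe while nothing else holds a reference to it. That looks true here, since the blob is still being built from the literal, but the invariant is not written down. I would add a comment above those two lines such as `// "blob" is not shared yet, so free it directly; clear the pointer so code after the loop cannot use it.` The code that consumes `blob` after the loop is outside this hunk, so confirm it tests `blob != NULL` (or `ret`) before touching the pointer. If that test is missing, the use-after-free this patch targets is still reachable.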