mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-12-12 09:32:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.1.1066: heap-use-after-free and stack-use-after-scope with :14verbose

Browse Source 
Problem:  heap-use-after-free and stack-use-after-scope with :14verbose
          when using :return and :try (after 9.1.1063).
Solution: Move back the vim_free(tofree) and the scope of numbuf[].
          (zeertzjq)

closes: vim/vim#16563

2101230f40
This commit is contained in:
zeertzjq
2025-02-02 16:00:04 +08:00
parent b853ef770a
commit 82ac8294c2
2 changed files with 36 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/nvim/eval/userfunc.c
View File

@@ -3672,12 +3672,11 @@ bool do_return(exarg_T *eap, bool reanimate, bool is_cmd, void *rettv)
char *get_return_cmd(void *rettv)
{
char *s = NULL;
char *tofree = NULL;
size_t slen = 0;
if (rettv != NULL) {
char *tofree = NULL;
tofree = s = encode_tv2echo((typval_T *)rettv, NULL);
xfree(tofree);
}
if (s == NULL) {
s = "";
@@ -3688,10 +3687,11 @@ char *get_return_cmd(void *rettv)
xstrlcpy(IObuff, ":return ", IOSIZE);
xstrlcpy(IObuff + 8, s, IOSIZE - 8);
size_t IObufflen = 8 + slen;
if (slen + 8 >= IOSIZE) {
if (IObufflen >= IOSIZE) {
STRCPY(IObuff + IOSIZE - 4, "...");
IObufflen += 3;
IObufflen = IOSIZE - 1;
}
xfree(tofree);
return xstrnsave(IObuff, IObufflen);
}