mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-10-06 01:46:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:8.2.3612: using freed memory with regexp using a mark (#16973)

Browse Source 
Problem:    Using freed memory with regexp using a mark.
Solution:   Get the line again after getting the mark position.
64066b9acd
This commit is contained in:
f380cedric
2022-01-27 14:59:30 +01:00
committed by GitHub
parent 5182627ce9
commit c5ac04331b
3 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/nvim/regexp_nfa.c
View File

@@ -6071,8 +6071,15 @@ static int nfa_regmatch(nfa_regprog_T *prog, nfa_state_T *start,
case NFA_MARK_GT:
case NFA_MARK_LT:
{
size_t col = rex.input - rex.line;
pos_T *pos = getmark_buf(rex.reg_buf, t->state->val, false);
// Line may have been freed, get it again.
if (REG_MULTI) {
rex.line = reg_getline(rex.lnum);
rex.input = rex.line + col;
}
// Compare the mark position to the match position, if the mark
// exists and mark is set in reg_buf.
if (pos != NULL && pos->lnum > 0) {