
Commit 4f7fd56

committed
patch 8.1.0013: using freed memory when changing terminal cursor color
Problem: Using freed memory when changing terminal cursor color. Solution: Make a copy of the color. (Dominique Pelle, closes #2938, closes #2941)
1 parent 1f131ae commit 4f7fd56

2 files changed

Lines changed: 33 additions & 21 deletions


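--- a/src/terminal.c
+++ b/src/terminal.c
@@ -171,8 +171,8 @@ static int term_default_cterm_bg = -1;
 
 /* Store the last set and the desired cursor properties, so that we only update
 * them when needed. Doing it unnecessary may result in flicker. */
-static char_u *last_set_cursor_color = (char_u *)"";
-static char_u *desired_cursor_color = (char_u *)"";
+static char_u *last_set_cursor_color = NULL;
+static char_u *desired_cursor_color = NULL;
 static int last_set_cursor_shape = -1;
 static int desired_cursor_shape = -1;
 static int last_set_cursor_blink = -1;
@@ -183,6 +183,28 @@ static int desired_cursor_blink = -1;
 * 1. Generic code for all systems.
 */
 
+static void
+cursor_color_copy(char_u** to_color, char_u* from_color)
+{
+vim_free(*to_color);
+*to_color = (from_color == NULL) ? NULL : vim_strsave(from_color);
+}
+
+static int
+cursor_color_equal(char_u *lhs_color, char_u *rhs_color)
+{
+if (lhs_color != NULL && rhs_color != NULL)
+return STRCMP(lhs_color, rhs_color) == 0;
+return lhs_color == NULL && rhs_color == NULL;
+}
+
+static char_u *
+cursor_color_get(char_u *color)
+{
+return (color == NULL) ? (char_u *)"" : color;
+}
+
+
 /*
 * Parse 'termwinsize' and set "rows" and "cols" for the terminal size in the
 * current window.
@@ -823,8 +845,6 @@ free_terminal(buf_T *buf)
 if (term->tl_out_fd != NULL)
 fclose(term->tl_out_fd);
 #endif
-if (desired_cursor_color == term->tl_cursor_color)
-desired_cursor_color = (char_u *)"";
 vim_free(term->tl_cursor_color);
 vim_free(term);
 buf->b_term = NULL;
@@ -1954,14 +1974,14 @@ term_get_cursor_shape(guicolor_T *fg, guicolor_T *bg)
 static void
 may_output_cursor_props(void)
 {
-if (STRCMP(last_set_cursor_color, desired_cursor_color) != 0
+if (!cursor_color_equal(last_set_cursor_color, desired_cursor_color)
 || last_set_cursor_shape != desired_cursor_shape
 || last_set_cursor_blink != desired_cursor_blink)
 {
-last_set_cursor_color = desired_cursor_color;
+cursor_color_copy(&last_set_cursor_color, desired_cursor_color);
 last_set_cursor_shape = desired_cursor_shape;
 last_set_cursor_blink = desired_cursor_blink;
-term_cursor_color(desired_cursor_color);
+term_cursor_color(cursor_color_get(desired_cursor_color));
 if (desired_cursor_shape == -1 || desired_cursor_blink == -1)
 /* this will restore the initial cursor style, if possible */
 ui_cursor_shape_forced(TRUE);
@@ -1984,10 +2004,7 @@ may_set_cursor_props(term_T *term)
 #endif
 if (in_terminal_loop == term)
 {
-if (term->tl_cursor_color != NULL)
-desired_cursor_color = term->tl_cursor_color;
-else
-desired_cursor_color = (char_u *)"";
+cursor_color_copy(&desired_cursor_color, term->tl_cursor_color);
 desired_cursor_shape = term->tl_cursor_shape;
 desired_cursor_blink = term->tl_cursor_blink;
 may_output_cursor_props();
@@ -2004,7 +2021,7 @@ prepare_restore_cursor_props(void)
 if (gui.in_use)
 return;
 #endif
-desired_cursor_color = (char_u *)"";
+cursor_color_copy(&desired_cursor_color, NULL);
 desired_cursor_shape = -1;
 desired_cursor_blink = -1;
 may_output_cursor_props();
@@ -2624,13 +2641,7 @@ handle_settermprop(
 break;
 
 case VTERM_PROP_CURSORCOLOR:
-if (desired_cursor_color == term->tl_cursor_color)
-desired_cursor_color = (char_u *)"";
-vim_free(term->tl_cursor_color);
-if (*value->string == NUL)
-term->tl_cursor_color = NULL;
-else
-term->tl_cursor_color = vim_strsave((char_u *)value->string);
+cursor_color_copy(&term->tl_cursor_color, (char_u*)value->string);
 may_set_cursor_props(term);
 break;
 
@@ -4711,8 +4722,7 @@ f_term_getcursor(typval_T *argvars, typval_T *rettv)
 dict_add_nr_str(d, "blink", blink_state_is_inverted()
 ? !term->tl_cursor_blink : term->tl_cursor_blink, NULL);
 dict_add_nr_str(d, "shape", term->tl_cursor_shape, NULL);
-dict_add_nr_str(d, "color", 0L, term->tl_cursor_color == NULL
-? (char_u *)"" : term->tl_cursor_color);
+dict_add_nr_str(d, "color", 0L, cursor_color_get(term->tl_cursor_color));
 list_append_dict(l, d);
 }
 }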
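Review bot: In the `handle_settermprop` hunk the `VTERM_PROP_CURSORCOLOR` case no longer maps an empty `value->string` to NULL, so `tl_cursor_color` (and then `desired_cursor_color`) can hold an allocated empty string that `cursor_color_equal()` treats as different from NULL, although `cursor_color_get()` turns both into `""` for output. That can make `may_output_cursor_props()` send a cursor-color update when nothing effectively changed, which the comment above the statics says may cause flicker. Keeping the old normalisation at the call site would avoid it: `cursor_color_copy(&term->tl_cursor_color, *value->string == NUL ? NULL : (char_u *)value->string);`. Separately, `cursor_color_copy()` frees `*to_color` before it reads `from_color`, so it deserves a comment such as `/* "from_color" must not point into "*to_color": it is freed before the copy is made. */` (none of the callers visible here alias the two). The body of `handle_settermprop` starts and ends outside the hunk.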

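--- a/src/version.c
+++ b/src/version.c
@@ -761,6 +761,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 { /* Add new patch number below this line */
+/**/
+13,
 /**/
 12,
 /**/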
