Skip to content

Commit 58e1e01

Browse files
zeertzjqbrammool
zeertzjq
authored and
brammool
committed
patch 9.0.1606: using freed memory when 'foldcolumn' is set
Problem: Using freed memory when 'foldcolumn' is set. Solution: Save extra pointer to free it later. (closes #12492)
1 parent 114ec81 commit 58e1e01

3 files changed

Lines changed: 25 additions & 1 deletion

File tree

src/drawline.c

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -150,6 +150,7 @@ typedef struct {
150150
// saved "extra" items for when draw_state becomes WL_LINE (again)
151151
int saved_n_extra;
152152
char_u *saved_p_extra;
153+
char_u *saved_p_extra_free;
153154
int saved_extra_attr;
154155
int saved_n_attr_skip;
155156
int saved_extra_for_textprop;
@@ -230,7 +231,7 @@ handle_foldcolumn(win_T *wp, winlinevars_T *wlv)
230231
return;
231232

232233
wlv->n_extra = (int)fill_foldcolumn(wlv->p_extra_free,
233-
wp, FALSE, wlv->lnum);
234+
wp, FALSE, wlv->lnum);
234235
wlv->p_extra_free[wlv->n_extra] = NUL;
235236
wlv->p_extra = wlv->p_extra_free;
236237
wlv->c_extra = NUL;
@@ -979,6 +980,9 @@ win_line_start(win_T *wp UNUSED, winlinevars_T *wlv, int save_extra)
979980
wlv->draw_state = WL_START;
980981
wlv->saved_n_extra = wlv->n_extra;
981982
wlv->saved_p_extra = wlv->p_extra;
983+
vim_free(wlv->saved_p_extra_free);
984+
wlv->saved_p_extra_free = wlv->p_extra_free;
985+
wlv->p_extra_free = NULL;
982986
wlv->saved_extra_attr = wlv->extra_attr;
983987
wlv->saved_n_attr_skip = wlv->n_attr_skip;
984988
wlv->saved_extra_for_textprop = wlv->extra_for_textprop;
@@ -1015,6 +1019,9 @@ win_line_continue(winlinevars_T *wlv)
10151019
wlv->c_extra = wlv->saved_c_extra;
10161020
wlv->c_final = wlv->saved_c_final;
10171021
wlv->p_extra = wlv->saved_p_extra;
1022+
vim_free(wlv->p_extra_free);
1023+
wlv->p_extra_free = wlv->saved_p_extra_free;
1024+
wlv->saved_p_extra_free = NULL;
10181025
wlv->extra_attr = wlv->saved_extra_attr;
10191026
wlv->n_attr_skip = wlv->saved_n_attr_skip;
10201027
wlv->extra_for_textprop = wlv->saved_extra_for_textprop;
@@ -4119,5 +4126,6 @@ win_line(
41194126
#endif
41204127

41214128
vim_free(wlv.p_extra_free);
4129+
vim_free(wlv.saved_p_extra_free);
41224130
return wlv.row;
41234131
}

src/testdir/test_fold.vim

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1755,4 +1755,18 @@ func Test_fold_screenrow_motion()
17551755
call assert_equal(1, line('.'))
17561756
endfunc
17571757

1758+
" This was using freed memory
1759+
func Test_foldcolumn_linebreak_control_char()
1760+
CheckFeature linebreak
1761+
1762+
5vnew
1763+
setlocal foldcolumn=1 linebreak
1764+
call setline(1, "aaa\<C-A>b")
1765+
redraw
1766+
call assert_equal([' aaa^', ' Ab '], ScreenLines([1, 2], 5))
1767+
call assert_equal(screenattr(1, 5), screenattr(2, 2))
1768+
1769+
bwipe!
1770+
endfunc
1771+
17581772
" vim: shiftwidth=2 sts=2 expandtab

src/version.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -695,6 +695,8 @@ static char *(features[]) =
695695

696696
static int included_patches[] =
697697
{ /* Add new patch number below this line */
698+
/**/
699+
1606,
698700
/**/
699701
1605,
700702
/**/

0 commit comments

Comments
 (0)