diff options
| author | f380cedric <f380cedric@users.noreply.github.com> | 2022-01-27 14:59:30 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-27 14:59:30 +0100 |
| commit | c5ac04331bdde5dd226c8e058103ed0fd1d140b7 (patch) | |
| tree | b28a0803debe17061b7a30a96a9ad35060adff27 /src/nvim/regexp_nfa.c | |
| parent | 5182627ce97162b90d8d6c34408c4ce937e1072c (diff) | |
| download | rneovim-c5ac04331bdde5dd226c8e058103ed0fd1d140b7.tar.gz rneovim-c5ac04331bdde5dd226c8e058103ed0fd1d140b7.tar.bz2 rneovim-c5ac04331bdde5dd226c8e058103ed0fd1d140b7.zip | |
vim-patch:8.2.3612: using freed memory with regexp using a mark (#16973)
Problem: Using freed memory with regexp using a mark.
Solution: Get the line again after getting the mark position.
https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6
Diffstat (limited to 'src/nvim/regexp_nfa.c')
| -rw-r--r-- | src/nvim/regexp_nfa.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/nvim/regexp_nfa.c b/src/nvim/regexp_nfa.c index cafffc0319..133858f113 100644 --- a/src/nvim/regexp_nfa.c +++ b/src/nvim/regexp_nfa.c @@ -6071,8 +6071,15 @@ static int nfa_regmatch(nfa_regprog_T *prog, nfa_state_T *start, case NFA_MARK_GT: case NFA_MARK_LT: { + size_t col = rex.input - rex.line; pos_T *pos = getmark_buf(rex.reg_buf, t->state->val, false); + // Line may have been freed, get it again. + if (REG_MULTI) { + rex.line = reg_getline(rex.lnum); + rex.input = rex.line + col; + } + // Compare the mark position to the match position, if the mark // exists and mark is set in reg_buf. if (pos != NULL && pos->lnum > 0) { |