diff options
| author | Eliseo Martínez <eliseomarmol@gmail.com> | 2014-11-14 09:17:16 +0100 |
|---|---|---|
| committer | Eliseo Martínez <eliseomarmol@gmail.com> | 2014-11-15 12:50:35 +0100 |
| commit | 4a8af9cc99cd97032d85819601dc44d6de852c1d (patch) | |
| tree | a2d78d4804a9550535993f546612d95ecc6c3e89 /src | |
| parent | fcd5a8643c2022f20f5225614fd5dc39775af486 (diff) | |
| download | rneovim-4a8af9cc99cd97032d85819601dc44d6de852c1d.tar.gz rneovim-4a8af9cc99cd97032d85819601dc44d6de852c1d.tar.bz2 rneovim-4a8af9cc99cd97032d85819601dc44d6de852c1d.zip | |
Fix warnings: undo.c: u_blockfree(): Use after free: FP.
Problem : Use-after-free @ 2686.
Diagnostic : False positive.
Rationale : Suggested error path is taking false branch
`uhp->uh_next.ptr != NULL` @ 2506, which cannot happen when
`uhp == buf->b_u_oldhead`.
Resolution : Assert `buf->b_u_oldhead` is changed after freeing old one.
Diffstat (limited to 'src')
| -rw-r--r-- | src/nvim/undo.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/nvim/undo.c b/src/nvim/undo.c index b72d8ddb4f..2ab31b6cfd 100644 --- a/src/nvim/undo.c +++ b/src/nvim/undo.c @@ -80,6 +80,7 @@ #define UH_MAGIC 0x18dade /* value for uh_magic when in use */ #define UE_MAGIC 0xabc123 /* value for ue_magic when in use */ +#include <assert.h> #include <inttypes.h> #include <errno.h> #include <stdbool.h> @@ -2682,8 +2683,11 @@ void u_undoline(void) */ void u_blockfree(buf_T *buf) { - while (buf->b_u_oldhead != NULL) + while (buf->b_u_oldhead != NULL) { + u_header_T *previous_oldhead = buf->b_u_oldhead; u_freeheader(buf, buf->b_u_oldhead, NULL); + assert(buf->b_u_oldhead != previous_oldhead); + } free(buf->b_u_line_ptr); } |