authorzeertzjq <zeertzjq@outlook.com>2022-07-12 16:17:36 +0800
committerzeertzjq <zeertzjq@outlook.com>2022-07-12 16:23:32 +0800
commitaa373e3abb17a5265b1afa8c119207980e90001a (patch)
treeeff7937a6f68e013a131891dfd3ebeeb121c4ee1 /src
parent4aa4675fbface275224d178ebb436bc214dd1056 (diff)
vim-patch:8.2.5050: using freed memory when searching for pattern in path
Problem: Using freed memory when searching for pattern in path. Solution: Make a copy of the line. https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 Cherry-pick Test_def_search() -> Test_macro_search() from patch 8.2.0369
Diffstat (limited to 'src')
-rw-r--r--src/nvim/search.c16
-rw-r--r--src/nvim/testdir/test_tagjump.vim13
2 files changed, 25 insertions, 4 deletions
diff --git a/src/nvim/search.c b/src/nvim/search.c
index a915594e26..4e96a9fcad 100644
--- a/src/nvim/search.c
+++ b/src/nvim/search.c
@@ -5303,6 +5303,16 @@ void f_matchfuzzypos(typval_T *argvars, typval_T *rettv, FunPtr fptr)
do_fuzzymatch(argvars, rettv, true);
}
+/// Get line "lnum" and copy it into "buf[LSIZE]".
+/// The copy is made because the regexp may make the line invalid when using a
+/// mark.
+static char_u *get_line_and_copy(linenr_T lnum, char_u *buf)
+{
+ char_u *line = ml_get(lnum);
+ STRLCPY(buf, line, LSIZE);
+ return buf;
+}
+
/// Find identifiers or defines in included files.
/// If p_ic && (compl_cont_status & CONT_SOL) then ptr must be in lowercase.
///
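Review bot: get_line_and_copy() truncates silently, because `STRLCPY(buf, line, LSIZE)` keeps at most LSIZE - 1 bytes, whereas the `ml_get(lnum)` calls it replaces (the hunks at 5399, 5687 and 5879) passed the whole buffer line on. Text past that limit in a current-buffer line is therefore presumably no longer searched, and the cut may fall inside a multibyte character. The LSIZE capacity of `buf` is also only stated in the comment; the helper cannot check it, and the allocation of `file_line` is outside these hunks. I would put both facts in the doc comment, e.g. `/// Lines longer than LSIZE - 1 bytes are truncated; "buf" must have room for LSIZE bytes.`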
@@ -5399,7 +5409,7 @@ void find_pattern_in_path(char_u *ptr, Direction dir, size_t len, bool whole, bo
if (lnum > end_lnum) { // do at least one line
lnum = end_lnum;
}
- line = ml_get(lnum);
+ line = get_line_and_copy(lnum, file_line);
for (;;) {
if (incl_regmatch.regprog != NULL
@@ -5687,7 +5697,7 @@ search_line:
if (lnum >= end_lnum) {
goto exit_matched;
}
- line = ml_get(++lnum);
+ line = get_line_and_copy(++lnum, file_line);
} else if (vim_fgets(line = file_line,
LSIZE, files[depth].fp)) {
goto exit_matched;
@@ -5879,7 +5889,7 @@ exit_matched:
if (++lnum > end_lnum) {
break;
}
- line = ml_get(lnum);
+ line = get_line_and_copy(lnum, file_line);
}
already = NULL;
}
diff --git a/src/nvim/testdir/test_tagjump.vim b/src/nvim/testdir/test_tagjump.vim
index bcb808e774..3fde7f3f06 100644
--- a/src/nvim/testdir/test_tagjump.vim
+++ b/src/nvim/testdir/test_tagjump.vim
@@ -1180,9 +1180,20 @@ func Test_inc_search()
close!
endfunc
+" this was using a line from ml_get() freed by the regexp
+func Test_isearch_copy_line()
+ new
+ norm o
+ norm 0
+ 0norm o
+ sil! norm bc0
+ sil! isearch \%')
+ bwipe!
+endfunc
+
" Test for :dsearch, :dlist, :djump and :dsplit commands
" Test for [d, ]d, [D, ]D, [ CTRL-D, ] CTRL-D and CTRL-W d commands
-func Test_def_search()
+func Test_macro_search()
new
call setline(1, ['#define FOO 1', '#define FOO 2', '#define FOO 3',
\ '#define FOO 4', '#define FOO 5'])
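Review bot: Test_isearch_copy_line() asserts nothing, and both `norm bc0` and `isearch` run under `sil!`, so on an uninstrumented build it appears to pass whether or not the line is copied. It can only catch a regression when the test run detects invalid memory access (ASan or Valgrind), which is inferred here because the harness is not visible. A comment saying so would stop the test being mistaken for a no-op later: `" No assertions: this only fails under ASan/Valgrind if the freed line is read again.`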