From 44531928b3512b143f6e3c958e49f99e827eb7de Mon Sep 17 00:00:00 2001 From: Jan Edmund Lazo Date: Sun, 31 May 2020 17:01:28 -0400 Subject: vim-patch:8.1.2018: using freed memory when out of memory and displaying message Problem: Using freed memory when out of memory and displaying message. Solution: Make a copy of the message first. https://github.com/vim/vim/commit/e5fbd7393067c279860598ac8359d1617b1082b9 --- src/nvim/normal.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'src/nvim/normal.c') diff --git a/src/nvim/normal.c b/src/nvim/normal.c index 87d687198d..968cfde388 100644 --- a/src/nvim/normal.c +++ b/src/nvim/normal.c @@ -621,6 +621,8 @@ static void normal_redraw_mode_message(NormalState *s) update_screen(0); // now reset it, otherwise it's put in the history again keep_msg = kmsg; + + kmsg = vim_strsave(keep_msg); msg_attr((const char *)kmsg, keep_msg_attr); xfree(kmsg); } @@ -1265,10 +1267,15 @@ static void normal_redraw(NormalState *s) // Display message after redraw. If an external message is still visible, // it contains the kept message already. if (keep_msg != NULL && !msg_ext_is_visible()) { - // msg_attr_keep() will set keep_msg to NULL, must free the string here. - // Don't reset keep_msg, msg_attr_keep() uses it to check for duplicates. - char *p = (char *)keep_msg; - msg_attr(p, keep_msg_attr); + char_u *const p = vim_strsave(keep_msg); + + // msg_start() will set keep_msg to NULL, make a copy + // first. Don't reset keep_msg, msg_attr_keep() uses it to + // check for duplicates. Never put this message in + // history. + msg_hist_off = true; + msg_attr((const char *)p, keep_msg_attr); + msg_hist_off = false; xfree(p); } -- cgit