Patch 9.0.0026

6 views

Skip to first unread message

Bram Moolenaar

unread,

Jul 2, 2022, 10:10:37 AM7/2/22

to vim...@googlegroups.com

Patch 9.0.0026
Problem: Accessing freed memory with diff put.
Solution: Bail out when diff pointer is no longer valid.
Files: src/diff.c

*** ../vim-9.0.0025/src/diff.c 2022-06-26 17:49:55.000000000 +0100
--- src/diff.c 2022-07-02 15:07:09.622793370 +0100
***************
*** 2643,2648 ****
--- 2643,2662 ----
}

/*
+ * Return TRUE if "diff" appears in the list of diff blocks of the current tab.
+ */
+ static int
+ valid_diff(diff_T *diff)
+ {
+ diff_T *dp;
+
+ for (dp = curtab->tp_first_diff; dp != NULL; dp = dp->df_next)
+ if (dp == diff)
+ return TRUE;
+ return FALSE;
+ }
+
+ /*
* ":diffget"
* ":diffput"
*/
***************
*** 2899,2907 ****
}
}

- // Adjust marks. This will change the following entries!
if (added != 0)
{
mark_adjust(lnum, lnum + count - 1, (long)MAXLNUM, (long)added);
if (curwin->w_cursor.lnum >= lnum)
{
--- 2913,2921 ----
}
}

if (added != 0)
{
+ // Adjust marks. This will change the following entries!
mark_adjust(lnum, lnum + count - 1, (long)MAXLNUM, (long)added);
if (curwin->w_cursor.lnum >= lnum)
{
***************
*** 2923,2929 ****
#endif
vim_free(dfree);
}
! else
// mark_adjust() may have changed the count in a wrong way
dp->df_count[idx_to] = new_count;

--- 2937,2949 ----
#endif
vim_free(dfree);
}
!
! // mark_adjust() may have made "dp" invalid. We don't know where
! // to continue then, bail out.
! if (added != 0 && !valid_diff(dp))
! break;
!
! if (dfree == NULL)
// mark_adjust() may have changed the count in a wrong way
dp->df_count[idx_to] = new_count;

*** ../vim-9.0.0025/src/version.c 2022-07-02 13:43:17.947746835 +0100
--- src/version.c 2022-07-02 15:08:13.678672755 +0100
***************
*** 737,738 ****
--- 737,740 ----
{ /* Add new patch number below this line */
+ /**/
+ 26,
/**/

--
On the other hand, you have different fingers.
-- Steven Wright

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///

Reply all

Reply to author

Forward

0 new messages