Patch 9.0.0164

[Bram Moolenaar]

Patch 9.0.0164
Problem: Using freed memory with put command.
Solution: Get byte offset before replacing the line.
Files: src/register.c


*** ../vim-9.0.0163/src/register.c 2022-08-07 14:55:09.543290953 +0100
--- src/register.c 2022-08-07 18:02:48.302005163 +0100
***************
*** 2099,2111 ****
ptr += yanklen;
}
STRMOVE(ptr, oldp + col);
- ml_replace(lnum, newp, FALSE);
-
- inserted_bytes(lnum, col, totlen);

// compute the byte offset for the last character
first_byte_off = mb_head_off(newp, ptr - 1);

// Place cursor on last putted char.
if (lnum == curwin->w_cursor.lnum)
{
--- 2099,2113 ----
ptr += yanklen;
}
STRMOVE(ptr, oldp + col);

// compute the byte offset for the last character
first_byte_off = mb_head_off(newp, ptr - 1);

+ // Note: this may free "newp"
+ ml_replace(lnum, newp, FALSE);
+
+ inserted_bytes(lnum, col, totlen);
+
// Place cursor on last putted char.
if (lnum == curwin->w_cursor.lnum)
{
*** ../vim-9.0.0163/src/version.c 2022-08-07 14:55:09.547290962 +0100
--- src/version.c 2022-08-07 18:08:42.645941350 +0100
***************
*** 737,738 ****
--- 737,740 ----
{ /* Add new patch number below this line */
+ /**/
+ 164,
/**/

--
hundred-and-one symptoms of being an internet addict:
269. You wonder how you can make your dustbin produce Sesame Street's
Oscar's the Garbage Monster song when you empty it.

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///