To: vim_dev@googlegroups.com Subject: Patch 9.0.0026 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.0026 Problem: Accessing freed memory with diff put. Solution: Bail out when diff pointer is no longer valid. Files: src/diff.c *** ../vim-9.0.0025/src/diff.c 2022-06-26 17:49:55.000000000 +0100 --- src/diff.c 2022-07-02 15:07:09.622793370 +0100 *************** *** 2643,2648 **** --- 2643,2662 ---- } /* + * Return TRUE if "diff" appears in the list of diff blocks of the current tab. + */ + static int + valid_diff(diff_T *diff) + { + diff_T *dp; + + for (dp = curtab->tp_first_diff; dp != NULL; dp = dp->df_next) + if (dp == diff) + return TRUE; + return FALSE; + } + + /* * ":diffget" * ":diffput" */ *************** *** 2899,2907 **** } } - // Adjust marks. This will change the following entries! if (added != 0) { mark_adjust(lnum, lnum + count - 1, (long)MAXLNUM, (long)added); if (curwin->w_cursor.lnum >= lnum) { --- 2913,2921 ---- } } if (added != 0) { + // Adjust marks. This will change the following entries! mark_adjust(lnum, lnum + count - 1, (long)MAXLNUM, (long)added); if (curwin->w_cursor.lnum >= lnum) { *************** *** 2923,2929 **** #endif vim_free(dfree); } ! else // mark_adjust() may have changed the count in a wrong way dp->df_count[idx_to] = new_count; --- 2937,2949 ---- #endif vim_free(dfree); } ! ! // mark_adjust() may have made "dp" invalid. We don't know where ! // to continue then, bail out. ! if (added != 0 && !valid_diff(dp)) ! break; ! ! if (dfree == NULL) // mark_adjust() may have changed the count in a wrong way dp->df_count[idx_to] = new_count; *** ../vim-9.0.0025/src/version.c 2022-07-02 13:43:17.947746835 +0100 --- src/version.c 2022-07-02 15:08:13.678672755 +0100 *************** *** 737,738 **** --- 737,740 ---- { /* Add new patch number below this line */ + /**/ + 26, /**/ -- On the other hand, you have different fingers. 
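Review bot: `valid_diff()` in the first src/diff.c hunk decides validity by pointer identity alone, and its header comment does not say so. That is enough to notice a block that was unlinked from `curtab->tp_first_diff` and freed. If a new block can be allocated at the same address while `mark_adjust()` runs, the walk would return TRUE for a different block than the one the caller held; whether that can happen is not visible from this patch. I would extend the comment with something like `* Only compares addresses and never dereferences "diff", so a stale pointer may be passed; a block freed and reallocated at the same address is not detected.` The same limitation applies to the call site in the third hunk.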
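Review bot: The `break` taken when `added != 0 && !valid_diff(dp)` in the third src/diff.c hunk abandons the remaining diff blocks without any message, so a `:diffget`/`:diffput` over a range can end up partially applied with no indication to the user. The enclosing loop starts and ends outside the hunk, so it is worth confirming that nothing after the loop still reads through `dp` once it is known to be stale. A short comment at the `break`, such as `// remaining diff blocks in the range are left unprocessed`, would make the trade-off explicit. The `Files:` line lists only src/diff.c, so this memory-safety fix appears to ship without a regression test; a test that reproduces the diff put case under the memory-checker run would keep the use of freed memory from coming back.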
-- Steven Wright /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///