mirror of
https://github.com/vim/vim.git
synced 2025-07-24 10:45:12 -04:00
patch 9.1.1344: double free in f_complete_match() (after v9.1.1341)
Problem: double free in f_complete_match() (after v9.1.1341) Solution: remove additional free of trig pointer, correctly free regmatch.regprog and before_cursor in the error case closes: #17203 Signed-off-by: glepnir <glephunter@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
parent
e380b5cbba
commit
3accf046ec
@ -3592,7 +3592,6 @@ f_complete_match(typval_T *argvars, typval_T *rettv)
|
||||
regmatch_T regmatch;
|
||||
char_u *before_cursor = NULL;
|
||||
char_u *cur_end = NULL;
|
||||
char_u *trig = NULL;
|
||||
int bytepos = 0;
|
||||
char_u part[MAXPATHL];
|
||||
int ret;
|
||||
@ -3643,20 +3642,21 @@ f_complete_match(typval_T *argvars, typval_T *rettv)
|
||||
{
|
||||
if (vim_regexec_nl(®match, before_cursor, (colnr_T)0))
|
||||
{
|
||||
bytepos = (int)(regmatch.startp[0] - before_cursor);
|
||||
trig = vim_strnsave(regmatch.startp[0],
|
||||
char_u *trig = vim_strnsave(regmatch.startp[0],
|
||||
regmatch.endp[0] - regmatch.startp[0]);
|
||||
if (trig == NULL)
|
||||
{
|
||||
vim_free(before_cursor);
|
||||
vim_regfree(regmatch.regprog);
|
||||
return;
|
||||
}
|
||||
|
||||
bytepos = (int)(regmatch.startp[0] - before_cursor);
|
||||
ret = add_match_to_list(rettv, trig, -1, bytepos);
|
||||
vim_free(trig);
|
||||
if (ret == FAIL)
|
||||
{
|
||||
vim_free(trig);
|
||||
vim_free(before_cursor);
|
||||
vim_regfree(regmatch.regprog);
|
||||
return;
|
||||
}
|
||||
|
@ -704,6 +704,8 @@ static char *(features[]) =
|
||||
|
||||
static int included_patches[] =
|
||||
{ /* Add new patch number below this line */
|
||||
/**/
|
||||
1344,
|
||||
/**/
|
||||
1343,
|
||||
/**/
|
||||
|
Loading…
x
Reference in New Issue
Block a user