To: vim_dev@googlegroups.com Subject: Patch 7.4.1908 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 7.4.1908 Problem: Netbeans uses uninitialzed pointer and freed memory. Solution: Set "buffer" at the right place (hint by Ken Takata) Files: src/netbeans.c *** ../vim-7.4.1907/src/netbeans.c 2016-06-07 22:16:31.690333465 +0200 --- src/netbeans.c 2016-06-08 20:11:03.597248519 +0200 *************** *** 393,399 **** if (node == NULL) break; /* nothing to read */ ! /* Locate the first line in the first buffer. */ p = channel_first_nl(node); if (p == NULL) { --- 393,399 ---- if (node == NULL) break; /* nothing to read */ ! /* Locate the end of the first line in the first buffer. */ p = channel_first_nl(node); if (p == NULL) { *************** *** 402,433 **** * prepend the text to that buffer and delete this one. */ if (channel_collapse(nb_channel, PART_SOCK, TRUE) == FAIL) return; } else { ! /* There is a complete command at the start of the buffer. ! * Terminate it with a NUL. When no more text is following unlink ! * the buffer. Do this before executing, because new buffers can ! * be added while busy handling the command. */ ! *p++ = NUL; ! if (*p == NUL) ! { ! own_node = TRUE; ! channel_get(nb_channel, PART_SOCK); ! } ! else ! own_node = FALSE; ! /* now, parse and execute the commands */ ! nb_parse_cmd(node->rq_buffer); ! if (own_node) ! /* buffer finished, dispose of it */ ! vim_free(node->rq_buffer); ! else ! /* more follows, move it to the start */ ! channel_consume(nb_channel, PART_SOCK, (int)(p - buffer)); ! } } } --- 402,436 ---- * prepend the text to that buffer and delete this one. */ if (channel_collapse(nb_channel, PART_SOCK, TRUE) == FAIL) return; + continue; + } + + /* There is a complete command at the start of the buffer. + * Terminate it with a NUL. When no more text is following unlink + * the buffer. Do this before executing, because new buffers can + * be added while busy handling the command. */ + *p++ = NUL; + if (*p == NUL) + { + own_node = TRUE; + buffer = channel_get(nb_channel, PART_SOCK); + /* "node" is now invalid! */ } else { ! own_node = FALSE; ! buffer = node->rq_buffer; ! } ! /* now, parse and execute the commands */ ! nb_parse_cmd(buffer); ! if (own_node) ! /* buffer finished, dispose of it */ ! vim_free(buffer); ! else ! /* more follows, move it to the start */ ! channel_consume(nb_channel, PART_SOCK, (int)(p - buffer)); } } *** ../vim-7.4.1907/src/version.c 2016-06-07 22:49:57.758305870 +0200 --- src/version.c 2016-06-08 20:01:07.209256723 +0200 *************** *** 755,756 **** --- 755,758 ---- { /* Add new patch number below this line */ + /**/ + 1908, /**/ -- hundred-and-one symptoms of being an internet addict: 63. You start using smileys in your snail mail. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///