To: vim_dev@googlegroups.com Subject: Patch 9.0.0246 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.0246 Problem: Using freed memory when 'tagfunc' deletes the buffer. Solution: Make a copy of the tag name. Files: src/tag.c, src/testdir/test_tagfunc.vim *** ../vim-9.0.0245/src/tag.c 2022-08-14 14:16:08.003582142 +0100 --- src/tag.c 2022-08-22 16:31:03.367399779 +0100 *************** *** 281,286 **** --- 281,287 ---- char_u *buf_ffname = curbuf->b_ffname; // name to use for // priority computation int use_tfu = 1; + char_u *tofree = NULL; // remember the matches for the last used tag static int num_matches = 0; *************** *** 630,636 **** * When desired match not found yet, try to find it (and others). */ if (use_tagstack) ! name = tagstack[tagstackidx].tagname; #if defined(FEAT_QUICKFIX) else if (g_do_tagpreview != 0) name = ptag_entry.tagname; --- 631,642 ---- * When desired match not found yet, try to find it (and others). */ if (use_tagstack) ! { ! // make a copy, the tagstack may change in 'tagfunc' ! name = vim_strsave(tagstack[tagstackidx].tagname); ! vim_free(tofree); ! tofree = name; ! } #if defined(FEAT_QUICKFIX) else if (g_do_tagpreview != 0) name = ptag_entry.tagname; *************** *** 922,927 **** --- 928,934 ---- g_do_tagpreview = 0; // don't do tag preview next time # endif + vim_free(tofree); #ifdef FEAT_CSCOPE return jumped_to_tag; #else *** ../vim-9.0.0245/src/testdir/test_tagfunc.vim 2022-02-12 20:31:53.000000000 +0000 --- src/testdir/test_tagfunc.vim 2022-08-22 16:26:12.048258435 +0100 *************** *** 389,392 **** --- 389,404 ---- %bw! endfunc + func Test_tagfunc_wipes_buffer() + func g:Tag0unc0(t,f,o) + bwipe + endfunc + set tagfunc=g:Tag0unc0 + new + cal assert_fails('tag 0', 'E987:') + + delfunc g:Tag0unc0 + set tagfunc= + endfunc + " vim: shiftwidth=2 sts=2 expandtab *** ../vim-9.0.0245/src/version.c 2022-08-22 15:19:12.732328943 +0100 --- src/version.c 2022-08-22 16:22:02.165170518 +0100 *************** *** 733,734 **** --- 733,736 ---- { /* Add new patch number below this line */ + /**/ + 246, /**/ -- An indication you must be a manager: You feel sorry for Dilbert's boss. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///