To: vim_dev@googlegroups.com
Subject: Patch 8.2.3246
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------

Patch 8.2.3246
Problem:    Memory use after free.
Solution:   When clearing a string option set the pointer to "empty_option".
Files:      src/option.c


*** ../vim-8.2.3245/src/option.c	2021-07-26 22:19:05.380122574 +0200
--- src/option.c	2021-07-29 21:11:16.519557524 +0200
***************
*** 807,813 ****
  	else if (options[i].var != VAR_WIN
  		&& (options[i].flags & P_STRING))
  	    // buffer-local option: free global value
! 	    free_string_option(*(char_u **)options[i].var);
      }
  }
  #endif
--- 807,813 ----
  	else if (options[i].var != VAR_WIN
  		&& (options[i].flags & P_STRING))
  	    // buffer-local option: free global value
! 	    clear_string_option((char_u **)options[i].var);
      }
  }
  #endif
*** ../vim-8.2.3245/src/version.c	2021-07-29 20:37:45.656199169 +0200
--- src/version.c	2021-07-29 20:57:00.389627830 +0200
***************
*** 757,758 ****
--- 757,760 ----
  {   /* Add new patch number below this line */
+ /**/
+     3246,
  /**/

-- 
A cow comes flying over the battlements,  lowing aggressively.  The cow
lands on GALAHAD'S PAGE, squashing him completely.
                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///