To: vim_dev@googlegroups.com Subject: Patch 8.2.3741 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.3741 Problem: Using freed memory in open command. Solution: Make a copy of the current line. Files: src/ex_docmd.c, src/testdir/test_ex_mode.vim *** ../vim-8.2.3740/src/ex_docmd.c 2021-12-01 15:22:53.106902067 +0000 --- src/ex_docmd.c 2021-12-05 12:05:04.119643528 +0000 *************** *** 6877,6889 **** regmatch.regprog = vim_regcomp(eap->arg, magic_isset() ? RE_MAGIC : 0); if (regmatch.regprog != NULL) { regmatch.rm_ic = p_ic; ! p = ml_get_curline(); ! if (vim_regexec(®match, p, (colnr_T)0)) ! curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - p); else emsg(_(e_nomatch)); vim_regfree(regmatch.regprog); } // Move to the NUL, ignore any other arguments. eap->arg += STRLEN(eap->arg); --- 6877,6893 ---- regmatch.regprog = vim_regcomp(eap->arg, magic_isset() ? RE_MAGIC : 0); if (regmatch.regprog != NULL) { + // make a copy of the line, when searching for a mark it might be + // flushed + char_u *line = vim_strsave(ml_get_curline()); + regmatch.rm_ic = p_ic; ! if (vim_regexec(®match, line, (colnr_T)0)) ! curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - line); else emsg(_(e_nomatch)); vim_regfree(regmatch.regprog); + vim_free(line); } // Move to the NUL, ignore any other arguments. eap->arg += STRLEN(eap->arg); *** ../vim-8.2.3740/src/testdir/test_ex_mode.vim 2021-05-16 15:19:33.764664477 +0100 --- src/testdir/test_ex_mode.vim 2021-12-05 12:03:03.751268876 +0000 *************** *** 121,126 **** --- 121,139 ---- close! endfunc + func Test_open_command_flush_line() + " this was accessing freed memory: the regexp match uses a pointer to the + " current line which becomes invalid when searching for the ') mark. + new + call setline(1, ['one', 'two. three']) + s/one/ONE + try + open /\%')/ + catch /E479/ + endtry + bwipe! 
+ endfunc + " Test for :g/pat/visual to run vi commands in Ex mode " This used to hang Vim before 8.2.0274. func Test_Ex_global() *** ../vim-8.2.3740/src/version.c 2021-12-05 11:36:20.187448497 +0000 --- src/version.c 2021-12-05 11:58:52.905967587 +0000 *************** *** 755,756 **** --- 755,758 ---- { /* Add new patch number below this line */ + /**/ + 3741, /**/ -- The fastest way to get an engineer to solve a problem is to declare that the problem is unsolvable. No engineer can walk away from an unsolvable problem until it's solved. (Scott Adams - The Dilbert principle) /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
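Review bot: in the src/ex_docmd.c hunk, the return value of `vim_strsave(ml_get_curline())` is used without a NULL check. vim_strsave() returns NULL when allocation fails, and `line` is then passed straight to vim_regexec() and used in `regmatch.startp[0] - line`. Suggest wrapping the match and the cursor update in `if (line != NULL)`, keeping `vim_regfree(regmatch.regprog)` outside that guard so the compiled program is always released; `vim_free(line)` is already safe with NULL.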
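Review bot: Test_open_command_flush_line() in the src/testdir/test_ex_mode.vim hunk has no assertion. The body only runs `open /\%')/` and swallows E479, so the use of freed memory it targets is reported only when the suite runs under a memory checker (ASan or Valgrind); on a plain build the test can pass even without the fix. Suggest saying so in the test comment, and adding a check after the `try` block, for example on the cursor position, so the test verifies something on ordinary builds too.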