To: vim_dev@googlegroups.com Subject: Patch 8.2.1086 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.1086 Problem: Possibly using freed memory when text properties used when changing indent of a line. Solution: Compute the offset before calling ml_replace(). Files: src/indent.c *** ../vim-8.2.1085/src/indent.c 2020-04-30 22:29:36.626024141 +0200 --- src/indent.c 2020-06-29 20:38:37.383197698 +0200 *************** *** 757,762 **** --- 757,766 ---- // Replace the line (unless undo fails). if (!(flags & SIN_UNDO) || u_savesub(curwin->w_cursor.lnum) == OK) { + colnr_T old_offset = (colnr_T)(p - oldline); + colnr_T new_offset = (colnr_T)(s - newline); + + // this may free "newline" ml_replace(curwin->w_cursor.lnum, newline, FALSE); if (flags & SIN_CHANGED) changed_bytes(curwin->w_cursor.lnum, 0); *************** *** 764,787 **** // Correct saved cursor position if it is in this line. if (saved_cursor.lnum == curwin->w_cursor.lnum) { ! if (saved_cursor.col >= (colnr_T)(p - oldline)) // cursor was after the indent, adjust for the number of // bytes added/removed ! saved_cursor.col += ind_len - (colnr_T)(p - oldline); ! else if (saved_cursor.col >= (colnr_T)(s - newline)) // cursor was in the indent, and is now after it, put it back // at the start of the indent (replacing spaces with TAB) ! saved_cursor.col = (colnr_T)(s - newline); } #ifdef FEAT_PROP_POPUP { ! int added = ind_len - (colnr_T)(p - oldline); // When increasing indent this behaves like spaces were inserted at // the old indent, when decreasing indent it behaves like spaces // were deleted at the new indent. adjust_prop_columns(curwin->w_cursor.lnum, ! (colnr_T)(added > 0 ? (p - oldline) : ind_len), added, 0); } #endif retval = TRUE; --- 768,791 ---- // Correct saved cursor position if it is in this line. if (saved_cursor.lnum == curwin->w_cursor.lnum) { ! 
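Review bot: The new comment before ml_replace() says only that "newline" may be freed, yet the hunk hoists both `old_offset` (from `p - oldline`) and `new_offset` (from `s - newline`), so a later reader is not told why `oldline` may not be used after the call. ml_replace() replaces the buffer line that `oldline` points into, and as far as can be seen here `oldline` is no longer safe to dereference afterwards either; I would widen the comment to `// ml_replace() may free "newline" and replaces the line "oldline" points` / `// into: use only old_offset/new_offset below, never p, s, oldline or newline`. The saved-cursor adjustment and the FEAT_PROP_POPUP block in the following hunk correctly use only the two offsets. The enclosing function starts before and continues past both hunks.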
if (saved_cursor.col >= old_offset) // cursor was after the indent, adjust for the number of // bytes added/removed ! saved_cursor.col += ind_len - old_offset; ! else if (saved_cursor.col >= new_offset) // cursor was in the indent, and is now after it, put it back // at the start of the indent (replacing spaces with TAB) ! saved_cursor.col = new_offset; } #ifdef FEAT_PROP_POPUP { ! int added = ind_len - old_offset; // When increasing indent this behaves like spaces were inserted at // the old indent, when decreasing indent it behaves like spaces // were deleted at the new indent. adjust_prop_columns(curwin->w_cursor.lnum, ! added > 0 ? old_offset : (colnr_T)ind_len, added, 0); } #endif retval = TRUE; *** ../vim-8.2.1085/src/version.c 2020-06-29 20:23:29.374981834 +0200 --- src/version.c 2020-06-29 20:39:45.515011614 +0200 *************** *** 756,757 **** --- 756,759 ---- { /* Add new patch number below this line */ + /**/ + 1086, /**/ -- God made machine language; all the rest is the work of man. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///