patch 7.4.1908
Problem: Netbeans uses uninitialzed pointer and freed memory.
Solution: Set "buffer" at the right place (hint by Ken Takata)
diff --git a/src/netbeans.c b/src/netbeans.c
index 9a9181c..46d725b 100644
--- a/src/netbeans.c
+++ b/src/netbeans.c
@@ -393,7 +393,7 @@
if (node == NULL)
break; /* nothing to read */
- /* Locate the first line in the first buffer. */
+ /* Locate the end of the first line in the first buffer. */
p = channel_first_nl(node);
if (p == NULL)
{
@@ -402,32 +402,35 @@
* prepend the text to that buffer and delete this one. */
if (channel_collapse(nb_channel, PART_SOCK, TRUE) == FAIL)
return;
+ continue;
+ }
+
+ /* There is a complete command at the start of the buffer.
+ * Terminate it with a NUL. When no more text is following unlink
+ * the buffer. Do this before executing, because new buffers can
+ * be added while busy handling the command. */
+ *p++ = NUL;
+ if (*p == NUL)
+ {
+ own_node = TRUE;
+ buffer = channel_get(nb_channel, PART_SOCK);
+ /* "node" is now invalid! */
}
else
{
- /* There is a complete command at the start of the buffer.
- * Terminate it with a NUL. When no more text is following unlink
- * the buffer. Do this before executing, because new buffers can
- * be added while busy handling the command. */
- *p++ = NUL;
- if (*p == NUL)
- {
- own_node = TRUE;
- channel_get(nb_channel, PART_SOCK);
- }
- else
- own_node = FALSE;
-
- /* now, parse and execute the commands */
- nb_parse_cmd(node->rq_buffer);
-
- if (own_node)
- /* buffer finished, dispose of it */
- vim_free(node->rq_buffer);
- else
- /* more follows, move it to the start */
- channel_consume(nb_channel, PART_SOCK, (int)(p - buffer));
+ own_node = FALSE;
+ buffer = node->rq_buffer;
}
+
+ /* now, parse and execute the commands */
+ nb_parse_cmd(buffer);
+
+ if (own_node)
+ /* buffer finished, dispose of it */
+ vim_free(buffer);
+ else
+ /* more follows, move it to the start */
+ channel_consume(nb_channel, PART_SOCK, (int)(p - buffer));
}
}
diff --git a/src/version.c b/src/version.c
index 571b54e..f4f70d4 100644
--- a/src/version.c
+++ b/src/version.c
@@ -754,6 +754,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1908,
+/**/
1907,
/**/
1906,