Google Git
Sign in
fuchsia / third_party / vim / refs/tags/v7.4.1908^! / .
commit5ce4a0b96ab688b1ea2481c2516e2889ff6713bf[log] [tgz]
authorBram Moolenaar <Bram@vim.org>Wed Jun 08 20:17:23 2016 +0200
committerBram Moolenaar <Bram@vim.org>Wed Jun 08 20:17:23 2016 +0200
tree02f7e79fdf986f8fc5c7d40a2aecfd6c7c6551ae
parent1d5f1d07aedb6f149f5de145b1dfd6528a769c93 [diff]
patch 7.4.1908
Problem:    Netbeans uses uninitialzed pointer and freed memory.
Solution:   Set "buffer" at the right place (hint by Ken Takata)

diff --git a/src/netbeans.c b/src/netbeans.c
index 9a9181c..46d725b 100644
--- a/src/netbeans.c
+++ b/src/netbeans.c

@@ -393,7 +393,7 @@
 	if (node == NULL)
 	    break;	/* nothing to read */
 
-	/* Locate the first line in the first buffer. */
+	/* Locate the end of the first line in the first buffer. */
 	p = channel_first_nl(node);
 	if (p == NULL)
 	{
@@ -402,32 +402,35 @@
 	     * prepend the text to that buffer and delete this one.  */
 	    if (channel_collapse(nb_channel, PART_SOCK, TRUE) == FAIL)
 		return;
+	    continue;
+	}
+
+	/* There is a complete command at the start of the buffer.
+	 * Terminate it with a NUL.  When no more text is following unlink
+	 * the buffer.  Do this before executing, because new buffers can
+	 * be added while busy handling the command. */
+	*p++ = NUL;
+	if (*p == NUL)
+	{
+	    own_node = TRUE;
+	    buffer = channel_get(nb_channel, PART_SOCK);
+	    /* "node" is now invalid! */
 	}
 	else
 	{
-	    /* There is a complete command at the start of the buffer.
-	     * Terminate it with a NUL.  When no more text is following unlink
-	     * the buffer.  Do this before executing, because new buffers can
-	     * be added while busy handling the command. */
-	    *p++ = NUL;
-	    if (*p == NUL)
-	    {
-		own_node = TRUE;
-		channel_get(nb_channel, PART_SOCK);
-	    }
-	    else
-		own_node = FALSE;
-
-	    /* now, parse and execute the commands */
-	    nb_parse_cmd(node->rq_buffer);
-
-	    if (own_node)
-		/* buffer finished, dispose of it */
-		vim_free(node->rq_buffer);
-	    else
-		/* more follows, move it to the start */
-		channel_consume(nb_channel, PART_SOCK, (int)(p - buffer));
+	    own_node = FALSE;
+	    buffer = node->rq_buffer;
 	}
+
+	/* now, parse and execute the commands */
+	nb_parse_cmd(buffer);
+
+	if (own_node)
+	    /* buffer finished, dispose of it */
+	    vim_free(buffer);
+	else
+	    /* more follows, move it to the start */
+	    channel_consume(nb_channel, PART_SOCK, (int)(p - buffer));
     }
 }
 

diff --git a/src/version.c b/src/version.c
index 571b54e..f4f70d4 100644
--- a/src/version.c
+++ b/src/version.c

@@ -754,6 +754,8 @@
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1908,
+/**/
     1907,
 /**/
     1906,