Blob Blame History Raw
To: vim_dev@googlegroups.com
Subject: Patch 7.3.073
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------

Patch 7.3.073
Problem:    Double free memory when netbeans command follows DETACH.
Solution:   Only free the node when owned. (Xavier de Gaye)
Files:	    src/netbeans.c


*** ../vim-7.3.072/src/netbeans.c	2010-11-16 15:48:57.000000000 +0100
--- src/netbeans.c	2010-12-02 16:59:11.000000000 +0100
***************
*** 643,648 ****
--- 643,649 ----
  {
      char_u	*p;
      queue_T	*node;
+     int		own_node;
  
      while (head.next != NULL && head.next != &head)
      {
***************
*** 681,700 ****
  	    *p++ = NUL;
  	    if (*p == NUL)
  	    {
  		head.next = node->next;
  		node->next->prev = node->prev;
  	    }
  
  	    /* now, parse and execute the commands */
  	    nb_parse_cmd(node->buffer);
  
! 	    if (*p == NUL)
  	    {
  		/* buffer finished, dispose of the node and buffer */
  		vim_free(node->buffer);
  		vim_free(node);
  	    }
! 	    else
  	    {
  		/* more follows, move to the start */
  		STRMOVE(node->buffer, p);
--- 682,706 ----
  	    *p++ = NUL;
  	    if (*p == NUL)
  	    {
+ 		own_node = TRUE;
  		head.next = node->next;
  		node->next->prev = node->prev;
  	    }
+ 	    else
+ 		own_node = FALSE;
  
  	    /* now, parse and execute the commands */
  	    nb_parse_cmd(node->buffer);
  
! 	    if (own_node)
  	    {
  		/* buffer finished, dispose of the node and buffer */
  		vim_free(node->buffer);
  		vim_free(node);
  	    }
! 	    /* Check that "head" wasn't changed under our fingers, e.g. when a
! 	     * DETACH command was handled. */
! 	    else if (head.next == node)
  	    {
  		/* more follows, move to the start */
  		STRMOVE(node->buffer, p);
*** ../vim-7.3.072/src/version.c	2010-12-02 16:01:23.000000000 +0100
--- src/version.c	2010-12-02 17:00:29.000000000 +0100
***************
*** 716,717 ****
--- 716,719 ----
  {   /* Add new patch number below this line */
+ /**/
+     73,
  /**/

-- 
If the Universe is constantly expanding, why can't I ever find a parking space?

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///