To: vim_dev@googlegroups.com Subject: Patch 9.0.1606 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.1606 Problem: Using freed memory when 'foldcolumn' is set. Solution: Save extra pointer to free it later. (closes #12492) Files: src/drawline.c, src/testdir/test_fold.vim
*** ../vim-9.0.1605/src/drawline.c 2023-06-03 19:44:42.573842760 +0100
--- src/drawline.c 2023-06-04 18:44:44.706639414 +0100
***************
*** 150,155 ****
--- 150,156 ----
  // saved "extra" items for when draw_state becomes WL_LINE (again)
  int saved_n_extra;
  char_u *saved_p_extra;
+ char_u *saved_p_extra_free;
  int saved_extra_attr;
  int saved_n_attr_skip;
  int saved_extra_for_textprop;
***************
*** 230,236 ****
  return;
  wlv->n_extra = (int)fill_foldcolumn(wlv->p_extra_free,
! wp, FALSE, wlv->lnum);
  wlv->p_extra_free[wlv->n_extra] = NUL;
  wlv->p_extra = wlv->p_extra_free;
  wlv->c_extra = NUL;
--- 231,237 ----
  return;
  wlv->n_extra = (int)fill_foldcolumn(wlv->p_extra_free,
! wp, FALSE, wlv->lnum);
  wlv->p_extra_free[wlv->n_extra] = NUL;
  wlv->p_extra = wlv->p_extra_free;
  wlv->c_extra = NUL;
***************
*** 979,984 ****
--- 980,988 ----
  wlv->draw_state = WL_START;
  wlv->saved_n_extra = wlv->n_extra;
  wlv->saved_p_extra = wlv->p_extra;
+ vim_free(wlv->saved_p_extra_free);
+ wlv->saved_p_extra_free = wlv->p_extra_free;
+ wlv->p_extra_free = NULL;
  wlv->saved_extra_attr = wlv->extra_attr;
  wlv->saved_n_attr_skip = wlv->n_attr_skip;
  wlv->saved_extra_for_textprop = wlv->extra_for_textprop;
***************
*** 1015,1020 ****
--- 1019,1027 ----
  wlv->c_extra = wlv->saved_c_extra;
  wlv->c_final = wlv->saved_c_final;
  wlv->p_extra = wlv->saved_p_extra;
+ vim_free(wlv->p_extra_free);
+ wlv->p_extra_free = wlv->saved_p_extra_free;
+ wlv->saved_p_extra_free = NULL;
  wlv->extra_attr = wlv->saved_extra_attr;
  wlv->n_attr_skip = wlv->saved_n_attr_skip;
  wlv->extra_for_textprop = wlv->saved_extra_for_textprop;
***************
*** 4119,4123 ****
--- 4126,4131 ----
  #endif
  vim_free(wlv.p_extra_free);
+ vim_free(wlv.saved_p_extra_free);
  return wlv.row;
  }
*** ../vim-9.0.1605/src/testdir/test_fold.vim 2023-02-18 20:15:39.693994664 +0000
--- src/testdir/test_fold.vim 2023-06-04 18:39:12.691154215 +0100
***************
*** 1755,1758 ****
--- 1755,1772 ----
  call assert_equal(1, line('.'))
  endfunc
+ " This was using freed memory
+ func Test_foldcolumn_linebreak_control_char()
+ CheckFeature linebreak
+
+ 5vnew
+ setlocal foldcolumn=1 linebreak
+ call setline(1, "aaa\b")
+ redraw
+ call assert_equal([' aaa^', ' Ab '], ScreenLines([1, 2], 5))
+ call assert_equal(screenattr(1, 5), screenattr(2, 2))
+
+ bwipe!
+ endfunc
+
  " vim: shiftwidth=2 sts=2 expandtab
*** ../vim-9.0.1605/src/version.c 2023-06-04 18:11:31.998816728 +0100
--- src/version.c 2023-06-04 18:41:23.378943516 +0100
***************
*** 697,698 ****
--- 697,700 ----
  { /* Add new patch number below this line */
+ /**/
+ 1606,
  /**/
-- hundred-and-one symptoms of being an internet addict: 115.
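Review bot: The added `vim_free(wlv->saved_p_extra_free);` in the save hunk (new lines 980-988) is reached before the field has been assigned on the first save, so it is only safe if `wlv` is zero-initialised before use; that initialisation is not part of this patch and is worth confirming. The rule the fix relies on is also unstated: `p_extra` can point into the `p_extra_free` allocation (see `wlv->p_extra = wlv->p_extra_free;` in the 231-237 hunk), so the owning pointer has to be moved together with it here and in the restore hunk (1019-1027). I would record that on the new field, e.g. `char_u *saved_p_extra_free;  // owns the buffer saved_p_extra may point into`. The functions containing both hunks start and end outside the visible lines.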
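Review bot: The two assertions in `Test_foldcolumn_linebreak_control_char()` check screen text and attributes only, so on a build without the fix they can still pass if the freed buffer happens to keep its old contents; the regression is only caught reliably when the test runs under a memory checker such as AddressSanitizer or Valgrind. The leading comment could say that and name the report given in the patch header, e.g. `" This was using freed memory (#12492); detected reliably only under ASan/Valgrind`.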
You are late picking up your kid from school and try to explain to the teacher you were stuck in Web traffic. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///