patch 8.2.3675: using freed memory when vim_strsave() fails

Problem:    Using freed memory when vim_strsave() fails.
Solution:   Clear "last_sourcing_name".  Check for msg_source() called
            recursively. (closes #8217)

diff --git a/src/message.c b/src/message.c
index e438211fa15abc59120292eabe081d47da51b0cc..8992de013fbb204d0ea7d18675a7340093381454 100644 (file)
--- a/src/message.c
+++ b/src/message.c
@@ -522,6 +522,12 @@ get_emsg_lnum(void)
 msg_source(int attr)
 {
     char_u     *p;
+    static int recursive = FALSE;
+
+    // Bail out if something called here causes an error.
+    if (recursive)
+       return;
+    recursive = TRUE;
 
     ++no_wait_return;
     p = get_emsg_source();
@@ -541,13 +547,13 @@ msg_source(int attr)
     // remember the last sourcing name printed, also when it's empty
     if (SOURCING_NAME == NULL || other_sourcing_name())
     {
-       vim_free(last_sourcing_name);
-       if (SOURCING_NAME == NULL)
-           last_sourcing_name = NULL;
-       else
+       VIM_CLEAR(last_sourcing_name);
+       if (SOURCING_NAME != NULL)
            last_sourcing_name = vim_strsave(SOURCING_NAME);
     }
     --no_wait_return;
+
+    recursive = FALSE;
 }
 
 /*

diff --git a/src/version.c b/src/version.c
index 6d96d432473e12699e0254e602484ab88c8dff05..07d93d98b7f80d728378e1771aea7834056258b4 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -757,6 +757,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    3675,
 /**/
     3674,
 /**/