patch 9.0.0164: using freed memory with put command

Problem:    Using freed memory with put command.
Solution:   Get byte offset before replacing the line.

diff --git a/src/register.c b/src/register.c
index f34a0ddbb08a73632da18ce496737f166616659c..2dafeabf5ed3096f73dfb77be4fda1513b6e9f46 100644 (file)
--- a/src/register.c
+++ b/src/register.c
@@ -2099,13 +2099,15 @@ do_put(
                        ptr += yanklen;
                    }
                    STRMOVE(ptr, oldp + col);
-                   ml_replace(lnum, newp, FALSE);
-
-                   inserted_bytes(lnum, col, totlen);
 
                    // compute the byte offset for the last character
                    first_byte_off = mb_head_off(newp, ptr - 1);
 
+                   // Note: this may free "newp"
+                   ml_replace(lnum, newp, FALSE);
+
+                   inserted_bytes(lnum, col, totlen);
+
                    // Place cursor on last putted char.
                    if (lnum == curwin->w_cursor.lnum)
                    {

diff --git a/src/version.c b/src/version.c
index 9207b7f69fd320fcf42444463bcf8aea585a0c51..be59f1be2e8ade8b241e40aba605a4edb9d3938a 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -735,6 +735,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    164,
 /**/
     163,
 /**/