Skip to content

Commit 6739114

Browse files
brammoolbrammool
committed
patch 8.0.0342: double free with EXITFREE and setting 'ttytype'
Problem: Double free when compiled with EXITFREE and setting 'ttytype'. Solution: Avoid setting P_ALLOCED on 'ttytype'. (Dominique Pelle, closes #1461)
1 parent d56a79d commit 6739114

File tree

3 files changed

+28
-1
lines changed

3 files changed

+28
-1
lines changed

src/option.c

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3775,7 +3775,7 @@ free_all_options(void)
37753775
if (options[i].indir == PV_NONE)
37763776
{
37773777
/* global option: free value and default value. */
3778-
if (options[i].flags & P_ALLOCED && options[i].var != NULL)
3778+
if ((options[i].flags & P_ALLOCED) && options[i].var != NULL)
37793779
free_string_option(*(char_u **)options[i].var);
37803780
if (options[i].flags & P_DEF_ALLOCED)
37813781
free_string_option(options[i].def_val[VI_DEFAULT]);
@@ -5929,8 +5929,14 @@ did_set_string_option(
59295929
else if (set_termname(T_NAME) == FAIL)
59305930
errmsg = (char_u *)N_("E522: Not found in termcap");
59315931
else
5932+
{
59325933
/* Screen colors may have changed. */
59335934
redraw_later_clear();
5935+
5936+
/* Both 'term' and 'ttytype' point to T_NAME, only set the
5937+
* P_ALLOCED flag on 'term'. */
5938+
opt_idx = findoption((char_u *)"term");
5939+
}
59345940
}
59355941

59365942
/* 'backupcopy' */

src/testdir/test_options.vim

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -235,3 +235,22 @@ func Test_set_errors()
235235
call assert_fails("set showbreak=\x01", 'E595:')
236236
call assert_fails('set t_foo=', 'E846:')
237237
endfunc
238+
239+
func Test_set_ttytype()
240+
if !has('gui_running') && has('unix')
241+
" Setting 'ttytype' used to cause a double-free when exiting vim and
242+
" when vim is compiled with -DEXITFREE.
243+
set ttytype=ansi
244+
call assert_equal('ansi', &ttytype)
245+
call assert_equal(&ttytype, &term)
246+
set ttytype=xterm
247+
call assert_equal('xterm', &ttytype)
248+
call assert_equal(&ttytype, &term)
249+
" FIXME: "set ttytype=" gives E522 instead of E529
250+
" in travis on some builds. Why? Commented out this test for now.
251+
" call assert_fails('set ttytype=', 'E529:')
252+
call assert_fails('set ttytype=xxx', 'E522:')
253+
set ttytype&
254+
call assert_equal(&ttytype, &term)
255+
endif
256+
endfunc

src/version.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -764,6 +764,8 @@ static char *(features[]) =
764764

765765
static int included_patches[] =
766766
{ /* Add new patch number below this line */
767+
/**/
768+
342,
767769
/**/
768770
341,
769771
/**/

0 commit comments

Comments
 (0)