To: vim_dev@googlegroups.com Subject: Patch 8.1.0013 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.1.0013 Problem: Using freed memory when changing terminal cursor color. Solution: Make a copy of the color. (Dominique Pelle, closes #2938, closes #2941) Files: src/terminal.c *** ../vim-8.1.0012/src/terminal.c 2018-05-17 13:17:10.000000000 +0200 --- src/terminal.c 2018-05-21 14:46:25.723564355 +0200 *************** *** 171,178 **** /* Store the last set and the desired cursor properties, so that we only update * them when needed. Doing it unnecessary may result in flicker. */ ! static char_u *last_set_cursor_color = (char_u *)""; ! static char_u *desired_cursor_color = (char_u *)""; static int last_set_cursor_shape = -1; static int desired_cursor_shape = -1; static int last_set_cursor_blink = -1; --- 171,178 ---- /* Store the last set and the desired cursor properties, so that we only update * them when needed. Doing it unnecessary may result in flicker. */ ! static char_u *last_set_cursor_color = NULL; ! static char_u *desired_cursor_color = NULL; static int last_set_cursor_shape = -1; static int desired_cursor_shape = -1; static int last_set_cursor_blink = -1; *************** *** 183,188 **** --- 183,210 ---- * 1. Generic code for all systems. */ + static void + cursor_color_copy(char_u** to_color, char_u* from_color) + { + vim_free(*to_color); + *to_color = (from_color == NULL) ? NULL : vim_strsave(from_color); + } + + static int + cursor_color_equal(char_u *lhs_color, char_u *rhs_color) + { + if (lhs_color != NULL && rhs_color != NULL) + return STRCMP(lhs_color, rhs_color) == 0; + return lhs_color == NULL && rhs_color == NULL; + } + + static char_u * + cursor_color_get(char_u *color) + { + return (color == NULL) ? (char_u *)"" : color; + } + + /* * Parse 'termwinsize' and set "rows" and "cols" for the terminal size in the * current window. *************** *** 823,830 **** if (term->tl_out_fd != NULL) fclose(term->tl_out_fd); #endif - if (desired_cursor_color == term->tl_cursor_color) - desired_cursor_color = (char_u *)""; vim_free(term->tl_cursor_color); vim_free(term); buf->b_term = NULL; --- 845,850 ---- *************** *** 1954,1967 **** static void may_output_cursor_props(void) { ! if (STRCMP(last_set_cursor_color, desired_cursor_color) != 0 || last_set_cursor_shape != desired_cursor_shape || last_set_cursor_blink != desired_cursor_blink) { ! last_set_cursor_color = desired_cursor_color; last_set_cursor_shape = desired_cursor_shape; last_set_cursor_blink = desired_cursor_blink; ! term_cursor_color(desired_cursor_color); if (desired_cursor_shape == -1 || desired_cursor_blink == -1) /* this will restore the initial cursor style, if possible */ ui_cursor_shape_forced(TRUE); --- 1974,1987 ---- static void may_output_cursor_props(void) { ! if (!cursor_color_equal(last_set_cursor_color, desired_cursor_color) || last_set_cursor_shape != desired_cursor_shape || last_set_cursor_blink != desired_cursor_blink) { ! cursor_color_copy(&last_set_cursor_color, desired_cursor_color); last_set_cursor_shape = desired_cursor_shape; last_set_cursor_blink = desired_cursor_blink; ! term_cursor_color(cursor_color_get(desired_cursor_color)); if (desired_cursor_shape == -1 || desired_cursor_blink == -1) /* this will restore the initial cursor style, if possible */ ui_cursor_shape_forced(TRUE); *************** *** 1984,1993 **** #endif if (in_terminal_loop == term) { ! if (term->tl_cursor_color != NULL) ! desired_cursor_color = term->tl_cursor_color; ! else ! desired_cursor_color = (char_u *)""; desired_cursor_shape = term->tl_cursor_shape; desired_cursor_blink = term->tl_cursor_blink; may_output_cursor_props(); --- 2004,2010 ---- #endif if (in_terminal_loop == term) { ! cursor_color_copy(&desired_cursor_color, term->tl_cursor_color); desired_cursor_shape = term->tl_cursor_shape; desired_cursor_blink = term->tl_cursor_blink; may_output_cursor_props(); *************** *** 2004,2010 **** if (gui.in_use) return; #endif ! desired_cursor_color = (char_u *)""; desired_cursor_shape = -1; desired_cursor_blink = -1; may_output_cursor_props(); --- 2021,2027 ---- if (gui.in_use) return; #endif ! cursor_color_copy(&desired_cursor_color, NULL); desired_cursor_shape = -1; desired_cursor_blink = -1; may_output_cursor_props(); *************** *** 2624,2636 **** break; case VTERM_PROP_CURSORCOLOR: ! if (desired_cursor_color == term->tl_cursor_color) ! desired_cursor_color = (char_u *)""; ! vim_free(term->tl_cursor_color); ! if (*value->string == NUL) ! term->tl_cursor_color = NULL; ! else ! term->tl_cursor_color = vim_strsave((char_u *)value->string); may_set_cursor_props(term); break; --- 2641,2647 ---- break; case VTERM_PROP_CURSORCOLOR: ! cursor_color_copy(&term->tl_cursor_color, (char_u*)value->string); may_set_cursor_props(term); break; *************** *** 4711,4718 **** dict_add_nr_str(d, "blink", blink_state_is_inverted() ? !term->tl_cursor_blink : term->tl_cursor_blink, NULL); dict_add_nr_str(d, "shape", term->tl_cursor_shape, NULL); ! dict_add_nr_str(d, "color", 0L, term->tl_cursor_color == NULL ! ? (char_u *)"" : term->tl_cursor_color); list_append_dict(l, d); } } --- 4722,4728 ---- dict_add_nr_str(d, "blink", blink_state_is_inverted() ? !term->tl_cursor_blink : term->tl_cursor_blink, NULL); dict_add_nr_str(d, "shape", term->tl_cursor_shape, NULL); ! dict_add_nr_str(d, "color", 0L, cursor_color_get(term->tl_cursor_color)); list_append_dict(l, d); } } *** ../vim-8.1.0012/src/version.c 2018-05-21 13:39:36.051906757 +0200 --- src/version.c 2018-05-21 14:47:20.927181563 +0200 *************** *** 763,764 **** --- 763,766 ---- { /* Add new patch number below this line */ + /**/ + 13, /**/ -- Friends? I have lots of friends! In fact, I have all episodes ever made. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///