To: vim_dev@googlegroups.com Subject: Patch 8.2.0571 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.0571 Problem: Double free when passing invalid argument to job_start(). Solution: Clear the argument when freed. (Masato Nishihata, closes #5926) Files: src/misc2.c, src/testdir/test_channel.vim *** ../vim-8.2.0570/src/misc2.c 2020-04-02 18:50:42.423773112 +0200 --- src/misc2.c 2020-04-13 17:41:08.401271001 +0200 *************** *** 4356,4362 **** --- 4356,4365 ---- int i; for (i = 0; i < *argc; ++i) + { vim_free((*argv)[i]); + (*argv)[i] = NULL; + } return FAIL; } (*argv)[*argc] = (char *)vim_strsave(s); *** ../vim-8.2.0570/src/testdir/test_channel.vim 2020-04-12 17:52:49.429492390 +0200 --- src/testdir/test_channel.vim 2020-04-13 17:39:14.529639676 +0200 *************** *** 1681,1686 **** --- 1681,1687 ---- call assert_fails('let job = job_start([" "])', 'E474:') call assert_fails('let job = job_start("")', 'E474:') call assert_fails('let job = job_start(" ")', 'E474:') + call assert_fails('let job = job_start(["ls", []])', 'E730:') %bw! endfunc *** ../vim-8.2.0570/src/version.c 2020-04-13 17:20:56.174130307 +0200 --- src/version.c 2020-04-13 17:40:37.481369740 +0200 *************** *** 740,741 **** --- 740,743 ---- { /* Add new patch number below this line */ + /**/ + 571, /**/ -- FIRST SOLDIER: So they wouldn't be able to bring a coconut back anyway. SECOND SOLDIER: Wait a minute! Suppose two swallows carried it together? FIRST SOLDIER: No, they'd have to have it on a line. "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///