patch 8.2.4646: using buffer line after it has been freed Problem: Using buffer line after it has been freed in old regexp engine. Solution: After getting mark get the line again.

commit: b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 [log] [tgz]
author: Bram Moolenaar <Bram@vim.org> Tue Mar 29 13:24:58 2022 +0100
committer: Bram Moolenaar <Bram@vim.org> Tue Mar 29 13:24:58 2022 +0100
tree: dee7da61584ff2984379de135bad55711d22c09a
parent: fd01280d01c2270a320d8c962d24140a8176a400 [diff] [blame]
diff --git a/src/regexp_bt.c b/src/regexp_bt.c
index 4082f59..793faaf 100644
--- a/src/regexp_bt.c
+++ b/src/regexp_bt.c

@@ -3360,8 +3360,17 @@
 		int	mark = OPERAND(scan)[0];
 		int	cmp = OPERAND(scan)[1];
 		pos_T	*pos;
+		size_t	col = REG_MULTI ? rex.input - rex.line : 0;
 
 		pos = getmark_buf(rex.reg_buf, mark, FALSE);
+
+		// Line may have been freed, get it again.
+		if (REG_MULTI)
+		{
+		    rex.line = reg_getline(rex.lnum);
+		    rex.input = rex.line + col;
+		}
+
 		if (pos == NULL		     // mark doesn't exist
 			|| pos->lnum <= 0)   // mark isn't set in reg_buf
 		{
commit	b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5	[log] [tgz]
author	Bram Moolenaar <Bram@vim.org>	Tue Mar 29 13:24:58 2022 +0100
committer	Bram Moolenaar <Bram@vim.org>	Tue Mar 29 13:24:58 2022 +0100
tree	dee7da61584ff2984379de135bad55711d22c09a
parent	fd01280d01c2270a320d8c962d24140a8176a400 [diff] [blame]