From c4525063b04596175d25177583ce1655791cbc0f Mon Sep 17 00:00:00 2001
From: Neil
Date: Thu, 16 Mar 2017 10:16:39 +1100
Subject: Fix use-after-free in fold tags when top line folded then new top line inserted. In SparseVector, string inserted at start then NULL inserted at start.
---
 src/SparseVector.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/SparseVector.h')
diff --git a/src/SparseVector.h b/src/SparseVector.h
index f96b36b8b..20fa56cca 100644
--- a/src/SparseVector.h
+++ b/src/SparseVector.h
@@ -100,7 +100,8 @@ public:
 if (partition == 0) {
 // Inserting at start of document so ensure 0
 if (valueCurrent != T()) {
- ClearValue(0);
+ // Since valueCurrent is needed again, should not ClearValue
+ values->SetValueAt(0, T());
 starts->InsertPartition(1, 0);
 values->InsertValue(1, 1, valueCurrent);
 starts->InsertText(0, insertLength);
-- cgit v1.2.3
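Review bot: The new comment above `values->SetValueAt(0, T());` says not to call ClearValue but not why, and the reason is an ownership rule the next maintainer needs to see: slot 0 is emptied without releasing the value because `valueCurrent` is handed to partition 1 by `values->InsertValue(1, 1, valueCurrent)` two lines down. I would word it as `// Empty slot 0 without releasing: valueCurrent moves to partition 1 below, so ClearValue here would leave it dangling`. ClearValue's body is not in this hunk, so that it frees the element is inferred from the commit subject; if it does, then between the `SetValueAt` and the `InsertValue` the local `valueCurrent` is the only reference to the value, and a throw from `starts->InsertPartition(1, 0)` (an allocation failure, say) would leak it, which is worth a sentence in the same comment. The enclosing function starts and ends outside the hunk, so I cannot see whether its other branches read a value and then call ClearValue on the same slot; they deserve the same check.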