From 9b2c8626d457fe24bf461acf82824cecf6338aa8 Mon Sep 17 00:00:00 2001
From: Krzosa Karol <krzosa.alias.grid600@passmail.net>
Date: Thu, 5 Mar 2026 16:55:58 +0100
Subject: [PATCH] Fix bad memory access in ReplaceAll

---
 src/buffer.cpp               | 2 ++
 src/globals.cpp              | 1 +
 src/plugin_file_commands.cpp | 2 +-
 src/text_editor.cpp          | 4 +++-
 4 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/buffer.cpp b/src/buffer.cpp
index 26832ee..3c2c845 100644
--- a/src/buffer.cpp
+++ b/src/buffer.cpp
@@ -1152,6 +1152,7 @@ API void InitBuffer(Allocator allocator, Buffer *buffer, BufferID id = {}, Strin
     if (!buffer->no_line_starts) {
         Add(&buffer->line_starts, (Int)0);
     }
+    if (DebugTraceBufferInits) printf("InitBuffer %.*s %p\n", (int)name.len, name.data, buffer->data);
 }
 
 API void DeinitBuffer(Buffer *buffer) {
@@ -1161,6 +1162,7 @@ API void DeinitBuffer(Buffer *buffer) {
     Dealloc(&buffer->line_starts);
     DeallocHistoryArray(&buffer->undo_stack);
     DeallocHistoryArray(&buffer->redo_stack);
+    if (DebugTraceBufferInits) printf("DeinitBuffer %.*s %p\n", (int)buffer->name.len, buffer->name.data, buffer->data);
 }
 
 // Indexing starts from 0 not 1 because this routine creates also the zero buffer
diff --git a/src/globals.cpp b/src/globals.cpp
index 2674a65..ddbe109 100644
--- a/src/globals.cpp
+++ b/src/globals.cpp
@@ -9,6 +9,7 @@ bool SearchCaseSensitive = false;
 bool SearchWordBoundary = false;
 bool BreakOnError = false;
 Int ErrorCount;
+bool DebugTraceBufferInits = false;
 
 Allocator SysAllocator = {SystemAllocatorProc};
 float  DPIScale = 1.0f;
diff --git a/src/plugin_file_commands.cpp b/src/plugin_file_commands.cpp
index 77f50c1..9236463 100644
--- a/src/plugin_file_commands.cpp
+++ b/src/plugin_file_commands.cpp
@@ -140,7 +140,7 @@ void CO_ReplaceAll(mco_coro *co) {
 
         field_seek = BaseFindNext(main.buffer, u"for::", MakeCaret(0), SeekFlag_None);
         Range range = {field_seek.range.max, main.buffer->len};
-        needle = GetString(main.buffer, range);
+        needle = Copy16(ctx->arena, GetString(main.buffer, range));
     }
 
     {
diff --git a/src/text_editor.cpp b/src/text_editor.cpp
index 396dd18..44aa521 100644
--- a/src/text_editor.cpp
+++ b/src/text_editor.cpp
@@ -1,4 +1,6 @@
 /*
+- [x] ReplaceAll - heap-use-after-free address, how to debug? I think would be nice to iterate all buffer ids and their addresses along with the state
+
 - [x] BRO, the caret teleports on linux when I press the arrow for too long
     - [ ] Report SDL newest vs SDL previous version on wayland
 
@@ -900,8 +902,8 @@ int main(int argc, char **argv, char **envp)
     char **argv = __argv;
     AttachConsole(ATTACH_PARENT_PROCESS);
 #endif
-    InitScratch();
     InitOS(ReportErrorf);
+    InitScratch();
 
     ProjectFolder = GetWorkingDir(Perm);
     HomeFolder = SDL_GetUserFolder(SDL_FOLDER_HOME);