diff options
| author | Bram Moolenaar <Bram@vim.org> | 2022-02-01 13:54:17 +0000 |
|---|---|---|
| committer | Bram Moolenaar <Bram@vim.org> | 2022-02-01 13:54:17 +0000 |
| commit | 9b4a80a66544f2782040b641498754bcb5b8d461 (patch) | |
| tree | 5b51ffffb1d60cbd8e771722fc609826526b590a | |
| parent | eb4a9ba293be51039e57e0e18337785e2ce526e7 (diff) | |
| download | vim-git-9b4a80a66544f2782040b641498754bcb5b8d461.tar.gz | |
patch 8.2.4281: using freed memory with :lopen and :bwipev8.2.4281
Problem: Using freed memory with :lopen and :bwipe.
Solution: Do not use a wiped out buffer.
| -rw-r--r-- | src/buffer.c | 14 | ||||
| -rw-r--r-- | src/testdir/test_quickfix.vim | 17 | ||||
| -rw-r--r-- | src/version.c | 2 |
3 files changed, 29 insertions, 4 deletions
diff --git a/src/buffer.c b/src/buffer.c index 24da82984..81bdb31ca 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -1706,6 +1706,7 @@ set_curbuf(buf_T *buf, int action) #endif bufref_T newbufref; bufref_T prevbufref; + int valid; setpcmark(); if ((cmdmod.cmod_flags & CMOD_KEEPALT) == 0) @@ -1763,13 +1764,19 @@ set_curbuf(buf_T *buf, int action) // An autocommand may have deleted "buf", already entered it (e.g., when // it did ":bunload") or aborted the script processing. // If curwin->w_buffer is null, enter_buffer() will make it valid again - if ((buf_valid(buf) && buf != curbuf + valid = buf_valid(buf); + if ((valid && buf != curbuf #ifdef FEAT_EVAL && !aborting() #endif ) || curwin->w_buffer == NULL) { - enter_buffer(buf); + // If the buffer is not valid but curwin->w_buffer is NULL we must + // enter some buffer. Using the last one is hopefully OK. + if (!valid) + enter_buffer(lastbuf); + else + enter_buffer(buf); #ifdef FEAT_SYN_HL if (old_tw != curbuf->b_p_tw) check_colorcolumn(curwin); @@ -2288,8 +2295,7 @@ free_buf_options( clear_string_option(&buf->b_p_vsts); vim_free(buf->b_p_vsts_nopaste); buf->b_p_vsts_nopaste = NULL; - vim_free(buf->b_p_vsts_array); - buf->b_p_vsts_array = NULL; + VIM_CLEAR(buf->b_p_vsts_array); clear_string_option(&buf->b_p_vts); VIM_CLEAR(buf->b_p_vts_array); #endif diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim index fb6d21fc5..07fdb9644 100644 --- a/src/testdir/test_quickfix.vim +++ b/src/testdir/test_quickfix.vim @@ -979,6 +979,7 @@ func Test_locationlist_curwin_was_closed() call assert_fails('lrewind', 'E924:') augroup! testgroup + delfunc R endfunc func Test_locationlist_cross_tab_jump() @@ -5835,4 +5836,20 @@ func Test_two_qf_windows() %bw! endfunc +" Weird sequence of commands that caused entering a wiped-out buffer +func Test_lopen_bwipe() + func R() + silent! tab lopen + e x + silent! lfile + endfunc + + cal R() + cal R() + cal R() + bw! + delfunc R +endfunc + + " vim: shiftwidth=2 sts=2 expandtab diff --git a/src/version.c b/src/version.c index 978e869ec..d8b3d4b7f 100644 --- a/src/version.c +++ b/src/version.c @@ -747,6 +747,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 4281, +/**/ 4280, /**/ 4279, |