view SECURITY.md @ 34196:57b21d421cb2 v9.1.0048

patch 9.1.0048: Abort opening cmdwin if autocmds screw things up

Commit: https://github.com/vim/vim/commit/43b395ec2e7d24a067d7cb00109818b64da144a5
Author: Sean Dewar <seandewar@users.noreply.github.com>
Date: Wed Aug 16 16:17:31 2023 +0100

patch 9.1.0048: Abort opening cmdwin if autocmds screw things up

Problem: Autocmds triggered from opening the cmdwin (in win_split and do_ecmd) can cause issues such as E199, as the current checks are insufficient.

Solution: Commands executed from the cmdwin apply to the old curwin/buf, so they should be kept in a "suspended" state; abort if they've changed. Also abort if cmdwin/buf was tampered with, and check that curwin is correct. Try to clean up the cmdwin buffer (only if hidden and non-current to simplify things; the same approach is used when closing cmdwin normally), and add a beep. (Sean Dewar)

It'd be nice to also check that curwin was *really* created by win_split, as autocommands can change curwin before it returns (so it can't be assumed to be that of the split); for now, this means that the cmdwin may not be the botwin in that case, which is probably OK.

closes: #12819

Signed-off-by: Sean Dewar <seandewar@users.noreply.github.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Tue, 23 Jan 2024 23:00:05 +0100
parents 13e4398925ea

# Security Policy

## Reporting a vulnerability

If you want to report a security issue, please privately disclose the issue to the vim-security mailing list
vim-security@googlegroups.com

This is a private list, read only by the maintainers, but anybody can post, after moderation.

**Please don't publicly disclose the issue until it has been addressed by us.**