# HG changeset patch # User Bram Moolenaar # Date 1663762503 -7200 # Node ID 14c0d0c72bcdab4529ac7cbb9ef71cda56fbb3a3 # Parent 62c76fa1820167382a12f3f66f425e01787826e5 patch 9.0.0530: using freed memory when autocmd changes mark Commit: https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad Author: Bram Moolenaar Date: Wed Sep 21 13:07:22 2022 +0100 patch 9.0.0530: using freed memory when autocmd changes mark Problem: Using freed memory when autocmd changes mark. Solution: Copy the mark before editing another buffer. diff --git a/src/mark.c b/src/mark.c --- a/src/mark.c +++ b/src/mark.c @@ -221,17 +221,19 @@ movemark(int count) fname2fnum(jmp); if (jmp->fmark.fnum != curbuf->b_fnum) { - // jump to other file - if (buflist_findnr(jmp->fmark.fnum) == NULL) + // Make a copy, an autocommand may make "jmp" invalid. + fmark_T fmark = jmp->fmark; + + // jump to the file with the mark + if (buflist_findnr(fmark.fnum) == NULL) { // Skip this one .. count += count < 0 ? -1 : 1; continue; } - if (buflist_getfile(jmp->fmark.fnum, jmp->fmark.mark.lnum, - 0, FALSE) == FAIL) + if (buflist_getfile(fmark.fnum, fmark.mark.lnum, 0, FALSE) == FAIL) return (pos_T *)NULL; // Set lnum again, autocommands my have changed it - curwin->w_cursor = jmp->fmark.mark; + curwin->w_cursor = fmark.mark; pos = (pos_T *)-1; } else diff --git a/src/testdir/test_marks.vim b/src/testdir/test_marks.vim --- a/src/testdir/test_marks.vim +++ b/src/testdir/test_marks.vim @@ -305,4 +305,17 @@ func Test_getmarklist() close! endfunc +" This was using freed memory +func Test_jump_mark_autocmd() + next 00 + edit 0 + sargument + au BufEnter 0 all + sil norm  + + au! BufEnter + bwipe! +endfunc + + " vim: shiftwidth=2 sts=2 expandtab diff --git a/src/version.c b/src/version.c --- a/src/version.c +++ b/src/version.c @@ -700,6 +700,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 530, +/**/ 529, /**/ 528,