new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..895c4a04b6ab1c2eabc80a486e52cabd7a99a5ea
GIT binary patch
literal 561
zc$`&{L2DC16vtm$FL@r)OM?`VNi5id+prLdwrmxfpeY3<3KhCyW;2syWiz{-+3kcR
z+8h)-c<|7hpT_Uv_ZVMHTkv-p{_oBE^Zt(?mY^CG_*Nx#<m#?>(3>Lwl+NCVF9=jA
z2of&cZB-@BzC@mnFg;eUCe)0{MeLm0^*pab)EP{tZ>B4Py>KL1yW2fWi~M6h0wCcW
zlQaW^A|4D3ay^u=24F&R(_@;FVL7#pM&pQKKaC9**FQ!KqhcWZNcg8=1nSwCUw1Yb
zR;$%xJ$#@<dlKh<{1BdE{%N);eqz3bk;TW7eL%um&9eo~l{@8a+3S%XYlS-oD;<lQ
z3vvtZo3)#5@!iI9z41`Xj0-U{GoM|Jv}BUrnz7)2oCAKcT;r4{_k7}f|8<!kmezk!
zrDe731v4xtY$Zwkr!dA;k4`{p^G|byc0myeu3sjx5eJ@kldOX~ly~ymtyq*;%O3q`
z>&ZplRnnqGSS+WK)~$p34kx&4vgA^r$z<)(7vx2anPuejx$LuV!>`fShAq~woKx{+
Yf4jc-96FT>ey*)}QoAKBvLHb97oFUxmH+?%

--- a/src/testdir/test_crash.vim
+++ b/src/testdir/test_crash.vim
@@ -190,6 +190,12 @@ func Test_crash1_3()
   call term_sendkeys(buf, args)
   call TermWait(buf, 150)
 
+  let file = 'crash/double_free'
+  let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'\<cr>"
+  let args = printf(cmn_args, vim, file)
+  call term_sendkeys(buf, args)
+  call TermWait(buf, 50)
+
   " clean up
   exe buf .. "bw!"
   bw!

--- a/src/version.c
+++ b/src/version.c
@@ -705,6 +705,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    647,
+/**/
     646,
 /**/
     645,

--- a/src/window.c
+++ b/src/window.c
@@ -5837,10 +5837,7 @@ win_free(
     win_free_lsize(wp);
 
     for (i = 0; i < wp->w_tagstacklen; ++i)
-    {
-	vim_free(wp->w_tagstack[i].tagname);
-	vim_free(wp->w_tagstack[i].user_data);
-    }
+	tagstack_clear_entry(&wp->w_tagstack[i]);
     vim_free(wp->w_localdir);
     vim_free(wp->w_prevdir);