changeset 13144:20fb8c711050 v8.0.1446
patch 8.0.1446: acessing freed memory after window command in auto command
commit https://github.com/vim/vim/commit/6f361c991221e96d5068c77b854967d997b1529b
Author: Bram Moolenaar <Bram@vim.org>
Date: Wed Jan 31 19:06:50 2018 +0100
patch 8.0.1446: acessing freed memory after window command in auto command
Problem: Accessing freed memory after window command in auto command.
(gy741)
Solution: Adjust the pointer in the parent frame. (Christian Brabandt,
closes #2467)
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Wed, 31 Jan 2018 19:15:06 +0100 |
parents | cf4e3ef40ba4 |
children | e85e221ef3ce |
files | src/testdir/test_window_cmd.vim src/version.c src/window.c |
diffstat | 3 files changed, 22 insertions(+), 1 deletions(-) [+] |
--- a/src/testdir/test_window_cmd.vim +++ b/src/testdir/test_window_cmd.vim @@ -472,4 +472,15 @@ func Test_window_colon_command() exe "norm! v\<C-W>:\<C-U>echo v:version" endfunc +func Test_access_freed_mem() + " This was accessing freed memory + au * 0 vs xxx + arg 0 + argadd + all + all + au! + bwipe xxx +endfunc + " vim: shiftwidth=2 sts=2 expandtab
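Review bot: Test_access_freed_mem contains no assertion, so it can only fail if the stale frame pointer happens to crash Vim; on an ordinary build a regression may pass silently. A comment at the top of the function, for example `" Only detects the problem reliably when run under valgrind or ASan.`, would tell maintainers how the test is meant to be run. The autocommand `au * 0 vs xxx` is also defined outside an augroup and removed with a bare `au!`, so wrapping it in a named `augroup` would keep the cleanup from touching autocommands that belong to other tests.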
--- a/src/version.c +++ b/src/version.c @@ -772,6 +772,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 1446, +/**/ 1445, /**/ 1444,
--- a/src/window.c
+++ b/src/window.c
@@ -2731,6 +2731,8 @@ winframe_remove(
 if (frp2->fr_win != NULL)
 frp2->fr_win->w_frame = frp2->fr_parent;
 frp = frp2->fr_parent;
+ if (topframe->fr_child == frp2)
+ topframe->fr_child = frp;
 vim_free(frp2);
 frp2 = frp->fr_parent;
@@ -2754,6 +2756,8 @@ winframe_remove(
 break;
 }
 }
+ if (topframe->fr_child == frp)
+ topframe->fr_child = frp2;
 vim_free(frp);
 }
 }
@@ -3499,7 +3503,6 @@ win_alloc_firstwin(win_T *oldwin)
 topframe = curwin->w_frame;
 topframe->fr_width = Columns;
 topframe->fr_height = Rows - p_ch;
- topframe->fr_win = curwin;
 return OK;
 }
@@ -4812,7 +4815,12 @@ frame_remove(frame_T *frp)
 if (frp->fr_prev != NULL)
 frp->fr_prev->fr_next = frp->fr_next;
 else
+ {
 frp->fr_parent->fr_child = frp->fr_next;
+ /* special case: topframe->fr_child == frp */
+ if (topframe->fr_child == frp)
+ topframe->fr_child = frp->fr_next;
+ }
 if (frp->fr_next != NULL)
 frp->fr_next->fr_prev = frp->fr_prev;
 }
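Review bot: In the first winframe_remove hunk the replacement value is `frp`, which was just set to `frp2->fr_parent`; if `frp2` is a direct child of `topframe` (the usual meaning of `topframe->fr_child == frp2`), the assignment makes `topframe->fr_child` point at `topframe` itself. The second winframe_remove hunk has the same shape, with `frp2` presumably still holding `frp->fr_parent` from the earlier assignment. Both guards keep the pointer from dangling after `vim_free()`, but they only have a sensible result if the frame tree is already inconsistent at this point, so a comment such as `/* topframe->fr_child can be stale here when an autocommand changed the layout */` should record that. The function begins and ends outside both hunks, so the invariant cannot be confirmed from the visible lines.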
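Review bot: In frame_remove the added assignment repeats the line above it whenever `frp->fr_parent` is `topframe`, so it only has an effect when `topframe->fr_child` points at a frame whose parent is some other frame. The comment `/* special case: topframe->fr_child == frp */` restates the condition instead of explaining that; something like `/* topframe->fr_child may point at frp although frp's parent is not topframe; don't leave it dangling */` would say why the check exists. The same guard now appears three times (here and in both winframe_remove hunks), and a small static helper would keep the copies from drifting apart.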