Mercurial > vim

diff src/window.c @ 28429:aa9720c76412 v8.2.4739
patch 8.2.4739: accessing freed memory after WinScrolled autocmd event Commit: https://github.com/vim/vim/commit/d58862d18f091d3c14fa3647e724ef7eea1ecefa Author: zeertzjq <zeertzjq@outlook.com> Date: Tue Apr 12 11:32:48 2022 +0100 patch 8.2.4739: accessing freed memory after WinScrolled autocmd event Problem: Accessing freed memory after WinScrolled autocmd event. Solution: Check the window pointer is still valid. (closes https://github.com/vim/vim/issues/10156) Remove the argument from may_trigger_winscrolled().
author: Bram Moolenaar <Bram@vim.org>
date: Tue, 12 Apr 2022 12:45:04 +0200
parents: e466fdbe0699
children: 264fa41e6704
--- a/src/window.c
+++ b/src/window.c
@@ -2784,9 +2784,13 @@ trigger_winclosed(win_T *win)
     recursive = FALSE;
 }
 
+/*
+ * Trigger WinScrolled for "curwin" if needed.
+ */
     void
-may_trigger_winscrolled(win_T *wp)
-{
+may_trigger_winscrolled(void)
+{
+    win_T	    *wp = curwin;
     static int	    recursive = FALSE;
     char_u	    winid[NUMBUFLEN];
 
@@ -2804,10 +2808,14 @@ may_trigger_winscrolled(win_T *wp)
 	apply_autocmds(EVENT_WINSCROLLED, winid, winid, FALSE, wp->w_buffer);
 	recursive = FALSE;
 
-	wp->w_last_topline = wp->w_topline;
-	wp->w_last_leftcol = wp->w_leftcol;
-	wp->w_last_width = wp->w_width;
-	wp->w_last_height = wp->w_height;
+	// an autocmd may close the window, "wp" may be invalid now
+	if (win_valid_any_tab(wp))
+	{
+	    wp->w_last_topline = wp->w_topline;
+	    wp->w_last_leftcol = wp->w_leftcol;
+	    wp->w_last_width = wp->w_width;
+	    wp->w_last_height = wp->w_height;
+	}
     }
 }
author	Bram Moolenaar <Bram@vim.org>
date	Tue, 12 Apr 2022 12:45:04 +0200
parents	e466fdbe0699
children	264fa41e6704