changeset 23861:5d11a15dbaa9 v8.2.2472

patch 8.2.2472: crash when using command line window in an autocommand Commit: https://github.com/vim/vim/commit/aad5f9d79a2b71e9d2581eace3652be156102b9d Author: Bram Moolenaar <Bram@vim.org> Date: Sat Feb 6 17:30:31 2021 +0100 patch 8.2.2472: crash when using command line window in an autocommand Problem: Crash when using command line window in an autocommand. (houyunsong) Solution: Save and restore au_new_curbuf.
author Bram Moolenaar <Bram@vim.org>
date Sat, 06 Feb 2021 17:45:03 +0100
parents a8e6303f7da7
children 9afc3816a133
files src/ex_cmds.c src/testdir/test_autocmd.vim src/version.c
diffstat 3 files changed, 28 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -2710,8 +2710,9 @@ do_ecmd(
 	 */
 	if (buf != curbuf)
 	{
+	    bufref_T	save_au_new_curbuf;
 #ifdef FEAT_CMDWIN
-	    int save_cmdwin_type = cmdwin_type;
+	    int		save_cmdwin_type = cmdwin_type;
 
 	    // BufLeave applies to the old buffer.
 	    cmdwin_type = 0;
@@ -2728,6 +2729,7 @@ do_ecmd(
 	     */
 	    if (buf->b_fname != NULL)
 		new_name = vim_strsave(buf->b_fname);
+	    save_au_new_curbuf = au_new_curbuf;
 	    set_bufref(&au_new_curbuf, buf);
 	    apply_autocmds(EVENT_BUFLEAVE, NULL, NULL, FALSE, curbuf);
 #ifdef FEAT_CMDWIN
@@ -2737,12 +2739,14 @@ do_ecmd(
 	    {
 		// new buffer has been deleted
 		delbuf_msg(new_name);	// frees new_name
+		au_new_curbuf = save_au_new_curbuf;
 		goto theend;
 	    }
 #ifdef FEAT_EVAL
 	    if (aborting())	    // autocmds may abort script processing
 	    {
 		vim_free(new_name);
+		au_new_curbuf = save_au_new_curbuf;
 		goto theend;
 	    }
 #endif
@@ -2778,6 +2782,7 @@ do_ecmd(
 		if (aborting() && curwin->w_buffer != NULL)
 		{
 		    vim_free(new_name);
+		    au_new_curbuf = save_au_new_curbuf;
 		    goto theend;
 		}
 #endif
@@ -2786,6 +2791,7 @@ do_ecmd(
 		{
 		    // new buffer has been deleted
 		    delbuf_msg(new_name);	// frees new_name
+		    au_new_curbuf = save_au_new_curbuf;
 		    goto theend;
 		}
 		if (buf == curbuf)		// already in new buffer
@@ -2831,8 +2837,7 @@ do_ecmd(
 #endif
 	    }
 	    vim_free(new_name);
-	    au_new_curbuf.br_buf = NULL;
-	    au_new_curbuf.br_buf_free_count = 0;
+	    au_new_curbuf = save_au_new_curbuf;
 	}
 
 	curwin->w_pcmark.lnum = 1;
--- a/src/testdir/test_autocmd.vim
+++ b/src/testdir/test_autocmd.vim
@@ -2739,9 +2739,9 @@ func Test_autocmd_closes_window()
   au BufNew,BufWinLeave * e %e
   file yyy
   au BufNew,BufWinLeave * ball
-  call assert_fails('n xxx', 'E143:')
-
-  bwipe %
+  n xxx
+
+  %bwipe
   au! BufNew
   au! BufWinLeave
 endfunc
@@ -2759,4 +2759,19 @@ func Test_autocmd_quit_psearch()
   augroup END
 endfunc
 
+" Fuzzer found some strange combination that caused a crash.
+func Test_autocmd_normal_mess()
+  augroup aucmd_normal_test
+    au BufLeave,BufWinLeave,BufHidden,BufUnload,BufDelete,BufWipeout * norm 7q/qc
+  augroup END
+  o4
+  silent! H
+  e xx
+  normal G
+
+  augroup aucmd_normal_test
+    au!
+  augroup END
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab
--- a/src/version.c
+++ b/src/version.c
@@ -751,6 +751,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    2472,
+/**/
     2471,
 /**/
     2470,