diff options
| author | Bram Moolenaar <Bram@vim.org> | 2018-01-31 19:06:50 +0100 |
|---|---|---|
| committer | Bram Moolenaar <Bram@vim.org> | 2018-01-31 19:06:50 +0100 |
| commit | 6f361c991221e96d5068c77b854967d997b1529b (patch) | |
| tree | 6fdcc8535ddab3e56c3cd8bc0b4fb5971ec2a22f | |
| parent | 153b704e20f9c269450a7d3ea8cafcf942579ab7 (diff) | |
patch 8.0.1446: acessing freed memory after window command in auto commandv8.0.1446
Problem: Acessing freed memory after window command in auto command.
(gy741)
Solution: Adjust the pointer in the parent frame. (Christian Brabandt,
closes #2467)
| -rw-r--r-- | src/testdir/test_window_cmd.vim | 11 | ||||
| -rw-r--r-- | src/version.c | 2 | ||||
| -rw-r--r-- | src/window.c | 10 |
3 files changed, 22 insertions, 1 deletions
diff --git a/src/testdir/test_window_cmd.vim b/src/testdir/test_window_cmd.vim index 925cfcc484..69b139fe3b 100644 --- a/src/testdir/test_window_cmd.vim +++ b/src/testdir/test_window_cmd.vim @@ -472,4 +472,15 @@ func Test_window_colon_command() exe "norm! v\<C-W>:\<C-U>echo v:version" endfunc +func Test_access_freed_mem() + " This was accessing freed memory + au * 0 vs xxx + arg 0 + argadd + all + all + au! + bwipe xxx +endfunc + " vim: shiftwidth=2 sts=2 expandtab diff --git a/src/version.c b/src/version.c index dad2715559..e727c4a1bf 100644 --- a/src/version.c +++ b/src/version.c @@ -772,6 +772,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 1446, +/**/ 1445, /**/ 1444, diff --git a/src/window.c b/src/window.c index a58fbbd7b7..669f3bd6e8 100644 --- a/src/window.c +++ b/src/window.c @@ -2731,6 +2731,8 @@ winframe_remove( if (frp2->fr_win != NULL) frp2->fr_win->w_frame = frp2->fr_parent; frp = frp2->fr_parent; + if (topframe->fr_child == frp2) + topframe->fr_child = frp; vim_free(frp2); frp2 = frp->fr_parent; @@ -2754,6 +2756,8 @@ winframe_remove( break; } } + if (topframe->fr_child == frp) + topframe->fr_child = frp2; vim_free(frp); } } @@ -3499,7 +3503,6 @@ win_alloc_firstwin(win_T *oldwin) topframe = curwin->w_frame; topframe->fr_width = Columns; topframe->fr_height = Rows - p_ch; - topframe->fr_win = curwin; return OK; } @@ -4812,7 +4815,12 @@ frame_remove(frame_T *frp) if (frp->fr_prev != NULL) frp->fr_prev->fr_next = frp->fr_next; else + { frp->fr_parent->fr_child = frp->fr_next; + /* special case: topframe->fr_child == frp */ + if (topframe->fr_child == frp) + topframe->fr_child = frp->fr_next; + } if (frp->fr_next != NULL) frp->fr_next->fr_prev = frp->fr_prev; } |