From 2573af3519ad062ddad647b97e32090f106f2ac1 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar
Date: Sat, 14 Mar 2020 17:21:34 +0100
Subject: patch 8.2.0381: using freed memory with :lvimgrep and autocommand
Problem: Using freed memory with :lvimgrep and autocommand. (extracted from POC by Dominique Pelle)
Solution: Avoid deleting a dummy buffer used in a window. (closes #5777)
---
src/quickfix.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
(limited to 'src/quickfix.c')
diff --git a/src/quickfix.c b/src/quickfix.c
index 7ae489b5d3..f82a187166 100644
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -6268,7 +6268,26 @@ load_dummy_buffer(
 static void
 wipe_dummy_buffer(buf_T *buf, char_u *dirname_start)
 {
- if (curbuf != buf) // safety check
+ // If any autocommand opened a window on the dummy buffer, close that
+ // window. If we can't close them all then give up.
+ while (buf->b_nwindows > 0)
+ {
+ int did_one = FALSE;
+ win_T *wp;
+
+ if (firstwin->w_next != NULL)
+ for (wp = firstwin; wp != NULL; wp = wp->w_next)
+ if (wp->w_buffer == buf)
+ {
+ if (win_close(wp, FALSE) == OK)
+ did_one = TRUE;
+ break;
+ }
+ if (!did_one)
+ return;
+ }
+
+ if (curbuf != buf && buf->b_nwindows == 0) // safety check
 {
 #if defined(FEAT_EVAL)
 cleanup_T cs;
-- cgit v1.2.3
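Review bot: The new `while (buf->b_nwindows > 0)` loop dereferences `buf` again after each `win_close(wp, FALSE)`, and nothing in the hunk re-validates the pointer. If closing the window can run autocommands that wipe the dummy buffer (win_close is not visible here, so this needs confirming), the loop condition and the later `curbuf != buf && buf->b_nwindows == 0` check would read freed memory, which is the same class of bug this patch fixes. Consider `bufref_T bufref; set_bufref(&bufref, buf);` before the loop and `if (!bufref_valid(&bufref)) return;` right after the `win_close()` call. The loop also walks only the list starting at `firstwin`, so a window on the buffer that is not in that list makes the function return without wiping; a comment saying the buffer is deliberately left behind in that case would help the next reader. wipe_dummy_buffer's body continues past the end of the hunk.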