diff options
| author | Jan Edmund Lazo <janedmundlazo@hotmail.com> | 2018-07-15 08:36:46 -0400 |
|---|---|---|
| committer | Jan Edmund Lazo <janedmundlazo@hotmail.com> | 2018-08-06 21:56:39 -0400 |
| commit | a8ff55d50eb5888ff23b8d915e2b2991cb030ffa (patch) | |
| tree | e0753ca215ec3d0cd62d794fc166200c0ae69035 | |
| parent | ce5d7550488cacb2e783f350d007d6716ca7d1c6 (diff) | |
| download | rneovim-a8ff55d50eb5888ff23b8d915e2b2991cb030ffa.tar.gz rneovim-a8ff55d50eb5888ff23b8d915e2b2991cb030ffa.tar.bz2 rneovim-a8ff55d50eb5888ff23b8d915e2b2991cb030ffa.zip | |
vim-patch:8.0.1446: acessing freed memory after window command in auto command
Problem: Acessing freed memory after window command in auto command.
(gy741)
Solution: Adjust the pointer in the parent frame. (Christian Brabandt,
closes vim/vim#2467)
https://github.com/vim/vim/commit/6f361c991221e96d5068c77b854967d997b1529b
| -rw-r--r-- | src/nvim/testdir/test_window_cmd.vim | 11 | ||||
| -rw-r--r-- | src/nvim/window.c | 19 |
2 files changed, 26 insertions, 4 deletions
diff --git a/src/nvim/testdir/test_window_cmd.vim b/src/nvim/testdir/test_window_cmd.vim index d5ea52266d..842a6db8a2 100644 --- a/src/nvim/testdir/test_window_cmd.vim +++ b/src/nvim/testdir/test_window_cmd.vim @@ -455,4 +455,15 @@ func Test_window_contents() call test_garbagecollect_now() endfunc +func Test_access_freed_mem() + " This was accessing freed memory + au * 0 vs xxx + arg 0 + argadd + all + all + au! + bwipe xxx +endfunc + " vim: shiftwidth=2 sts=2 expandtab diff --git a/src/nvim/window.c b/src/nvim/window.c index 300514f424..814913725a 100644 --- a/src/nvim/window.c +++ b/src/nvim/window.c @@ -2296,6 +2296,9 @@ winframe_remove ( if (frp2->fr_win != NULL) frp2->fr_win->w_frame = frp2->fr_parent; frp = frp2->fr_parent; + if (topframe->fr_child == frp2) { + topframe->fr_child = frp; + } xfree(frp2); frp2 = frp->fr_parent; @@ -2317,6 +2320,9 @@ winframe_remove ( break; } } + if (topframe->fr_child == frp) { + topframe->fr_child = frp2; + } xfree(frp); } } @@ -2959,7 +2965,6 @@ static int win_alloc_firstwin(win_T *oldwin) topframe = curwin->w_frame; topframe->fr_width = Columns; topframe->fr_height = Rows - p_ch; - topframe->fr_win = curwin; return OK; } @@ -4017,12 +4022,18 @@ static void frame_insert(frame_T *before, frame_T *frp) */ static void frame_remove(frame_T *frp) { - if (frp->fr_prev != NULL) + if (frp->fr_prev != NULL) { frp->fr_prev->fr_next = frp->fr_next; - else + } else { frp->fr_parent->fr_child = frp->fr_next; - if (frp->fr_next != NULL) + // special case: topframe->fr_child == frp + if (topframe->fr_child == frp) { + topframe->fr_child = frp->fr_next; + } + } + if (frp->fr_next != NULL) { frp->fr_next->fr_prev = frp->fr_prev; + } } |