authorSean Dewar <seandewar@users.noreply.github.com>2021-11-24 02:48:55 +0000
committerSean Dewar <seandewar@users.noreply.github.com>2021-11-24 03:55:02 +0000
commitc366c944c2d2f46862f8d3a660e52f2735f816ae (patch)
treedc40dd27ac7d9341113897558d313bb29d47ca5a /src
parentdd8a4e2c22ea8018ce3af989134b1e9c4607ce37 (diff)
vim-patch:8.1.2136: using freed memory with autocmd from fuzzer
Problem: using freed memory with autocmd from fuzzer. (Dhiraj Mishra, Dominique Pelle) Solution: Avoid using "wp" after autocommands. (closes vim/vim#5041) https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 Nvim doesn't use Vim's terminal implementation. Despite this, Nvim has its own *exclusive* way of crashing here. Requires 'winwidth' > winwidth() and 'nowinfixwidth' to crash; adjust the test ('nowfw' is the default, but ensure it's disabled anyway).
Diffstat (limited to 'src')
-rw-r--r--src/nvim/testdir/test_autocmd.vim11
-rw-r--r--src/nvim/window.c3
2 files changed, 13 insertions, 1 deletions
diff --git a/src/nvim/testdir/test_autocmd.vim b/src/nvim/testdir/test_autocmd.vim
index 0c8b8a45d9..1bc9d95f05 100644
--- a/src/nvim/testdir/test_autocmd.vim
+++ b/src/nvim/testdir/test_autocmd.vim
@@ -1897,6 +1897,17 @@ func Test_autocmd_CmdWinEnter()
call delete(filename)
endfunc
+func Test_autocmd_was_using_freed_memory()
+ pedit xx
+ n x
+ au WinEnter * quit
+ " Nvim needs large 'winwidth' and 'nowinfixwidth' to crash
+ set winwidth=99999 nowinfixwidth
+ split
+ au! WinEnter
+ set winwidth& winfixwidth&
+endfunc
+
func Test_FileChangedShell_reload()
if !has('unix')
return
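Review bot: Test_autocmd_was_using_freed_memory has no assertion and passes whenever `split` returns without crashing, so a read of freed memory that happens not to fault would go unnoticed unless the suite runs under a memory checker such as ASan or Valgrind. It would help to say so in the test, e.g. `" No assert: passes if 'split' does not crash; freed-memory reads need ASan/Valgrind to be caught`. The cleanup is also fragile: `au! WinEnter` clears every WinEnter autocommand in the default group, and it and the option reset are skipped if `split` throws. The preview window from `pedit xx` and the buffers are left open as well; defining the autocommand inside a dedicated augroup and ending with `%bwipe!` would keep later tests isolated.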
diff --git a/src/nvim/window.c b/src/nvim/window.c
index e328ff5467..3e6e42dec2 100644
--- a/src/nvim/window.c
+++ b/src/nvim/window.c
@@ -4525,6 +4525,7 @@ static void win_enter_ext(win_T *const wp, const int flags)
fix_current_dir();
+ // Careful: autocommands may close the window and make "wp" invalid
if (flags & WEE_TRIGGER_NEW_AUTOCMDS) {
apply_autocmds(EVENT_WINNEW, NULL, NULL, false, curbuf);
}
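Review bot: The added comment warns that "wp" can become invalid once autocommands run, but it does not say what later code should use instead, and `wp` stays in scope as a `const` pointer for the rest of win_enter_ext. I would spell the rule out, e.g. `// Careful: autocommands may close the window and make "wp" invalid; use "curwin" from here on.` The later hunk fixes the one `wp->w_floating` read in the width check. The lines between this comment and that check are outside the hunks, so it should be confirmed that no other `wp` dereference remains there. The function body starts and ends outside the hunk.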
@@ -4558,7 +4559,7 @@ static void win_enter_ext(win_T *const wp, const int flags)
}
// set window width to desired minimal value
- if (curwin->w_width < p_wiw && !curwin->w_p_wfw && !wp->w_floating) {
+ if (curwin->w_width < p_wiw && !curwin->w_p_wfw && !curwin->w_floating) {
win_setwidth((int)p_wiw);
}