fix(terminal): invalid pointer comparison #18453

At the moment of comparison, the pointer save_curwin can be invalid (as
suggested by the comment) because it has been free'd. Worst, the new
curwin could have been re-allocated to that same pointer, altering the
execution flow unpredictably.

While there are many other potential similar cases to fix in the
codebase, the presented scenario is not hypothetical and does happen in
practice (while spawning new windows from fzf for instance).

There are numerous other instances of curwin comparisons in the
codebase, and they may need further investigation.

closes #16941

1 files changed, 2 insertions, 2 deletions

diff --git a/src/nvim/terminal.c b/src/nvim/terminal.c
index 9ea847d9fb..2d3102707c 100644
--- a/src/nvim/terminal.c
+++ b/src/nvim/terminal.c
@@ -404,7 +404,7 @@ void terminal_enter(void)
 
   // Disable these options in terminal-mode. They are nonsense because cursor is
   // placed at end of buffer to "follow" output. #11072
-  win_T *save_curwin = curwin;
+  handle_T save_curwin = curwin->handle;
   bool save_w_p_cul = curwin->w_p_cul;
   char_u *save_w_p_culopt = NULL;
   char_u save_w_p_culopt_flags = curwin->w_p_culopt_flags;
@@ -442,7 +442,7 @@ void terminal_enter(void)
   RedrawingDisabled = s->save_rd;
   apply_autocmds(EVENT_TERMLEAVE, NULL, NULL, false, curbuf);
 
-  if (save_curwin == curwin) {  // save_curwin may be invalid (window closed)!
+  if (save_curwin == curwin->handle) {  // Else: window was closed.
     curwin->w_p_cul = save_w_p_cul;
     if (save_w_p_culopt) {
       xfree(curwin->w_p_culopt);