From 6692c0958f476456b59cd9f36b35b1c5b3202145 Mon Sep 17 00:00:00 2001
From: Abdelhakeem Osama <abdelhakeem.osama@hotmail.com>
Date: Sun, 8 Sep 2019 03:02:29 +0200
Subject: shada: initialize jumplist before search pattern (#10964)

Since 8b8ecf4, the shada module loads files in the jumplist to properly
clear duplicates. This can trigger some autocommands, which in turn
saves and restores search and substitute patterns, freeing the previous
strings in "spats" which are held in "wms" as well (heap-use-after-free).
To avoid this, initialize the jumplist in "wms" before search patterns.
---
 test/functional/shada/history_spec.lua | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'test')

diff --git a/test/functional/shada/history_spec.lua b/test/functional/shada/history_spec.lua
index c4be9e563d..78b5c77857 100644
--- a/test/functional/shada/history_spec.lua
+++ b/test/functional/shada/history_spec.lua
@@ -224,4 +224,17 @@ describe('ShaDa support code', function()
     eq('', funcs.histget('/', -1))
   end)
 
+  it('does not crash when dumping last search pattern (#10945)', function()
+    nvim_command('edit Xtest-functional-shada-history_spec')
+    -- Save jump list
+    nvim_command('wshada')
+    -- Wipe out buffer list (jump list entry gets removed)
+    nvim_command('%bwipeout')
+    -- Restore jump list
+    nvim_command('rshada')
+    nvim_command('silent! /pat/')
+    nvim_command('au BufNew * echo')
+    nvim_command('wshada')
+  end)
+
 end)
-- 
cgit