patch 9.1.0678: [security]: use-after-free in alist_add() Problem: [security]: use-after-free in alist_add() (SuyueGuo) Solution: Lock the current window, so that the reference to the argument list remains valid. This fixes CVE-2024-43374 Signed-off-by: Christian Brabandt <cb@256bit.org>

commit: 0a6e57b09bc8c76691b367a5babfb79b31b770e8 [log] [tgz]
author: Christian Brabandt <cb@256bit.org> Thu Aug 15 22:15:28 2024 +0200
committer: Christian Brabandt <cb@256bit.org> Thu Aug 15 22:15:28 2024 +0200
tree: 03442904cdd3bd40c7748a313f9cb66a3d6c3bbf
parent: 3b59be4ed8a145d3188934f1a5cd85432bd2433d [diff] [blame]
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
index 05778c8..349269a 100644
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c

@@ -2840,7 +2840,7 @@
 
 		// Set the w_closing flag to avoid that autocommands close the
 		// window.  And set b_locked for the same reason.
-		the_curwin->w_closing = TRUE;
+		the_curwin->w_locked = TRUE;
 		++buf->b_locked;
 
 		if (curbuf == old_curbuf.br_buf)
@@ -2854,7 +2854,7 @@
 
 		// Autocommands may have closed the window.
 		if (win_valid(the_curwin))
-		    the_curwin->w_closing = FALSE;
+		    the_curwin->w_locked = FALSE;
 		--buf->b_locked;
 
 #ifdef FEAT_EVAL
commit	0a6e57b09bc8c76691b367a5babfb79b31b770e8	[log] [tgz]
author	Christian Brabandt <cb@256bit.org>	Thu Aug 15 22:15:28 2024 +0200
committer	Christian Brabandt <cb@256bit.org>	Thu Aug 15 22:15:28 2024 +0200
tree	03442904cdd3bd40c7748a313f9cb66a3d6c3bbf
parent	3b59be4ed8a145d3188934f1a5cd85432bd2433d [diff] [blame]