patch 9.1.1361: [security]: possible use-after-free when closing a buffer
Problem: [security]: Possible to open more windows into a closing
buffer without splitting, bypassing existing "b_locked_split"
checks and triggering use-after-free
Solution: Disallow switching to a closing buffer. Editing a closing
buffer (via ":edit", etc.) was fixed in v9.1.0764, but add an
error message and check just "b_locked_split", as "b_locked"
is necessary only when the buffer shouldn't be wiped, and may
be set for buffers that are in-use but not actually closing.
(Sean Dewar)
closes: #17246
Signed-off-by: Sean Dewar <6256228+seandewar@users.noreply.github.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
diff --git a/src/errors.h b/src/errors.h
index 90cc2b1..d718507 100644
--- a/src/errors.h
+++ b/src/errors.h
@@ -3728,3 +3728,5 @@
EXTERN char e_no_quickfix_stack[]
INIT(= N_("E1545: Quickfix list stack unavailable"));
#endif
+EXTERN char e_cannot_switch_to_a_closing_buffer[]
+ INIT(= N_("E1546: Cannot switch to a closing buffer"));