patch 8.0.1446: acessing freed memory after window command in auto command
Problem: Acessing freed memory after window command in auto command.
(gy741)
Solution: Adjust the pointer in the parent frame. (Christian Brabandt,
closes #2467)
diff --git a/src/testdir/test_window_cmd.vim b/src/testdir/test_window_cmd.vim
index 925cfcc..69b139f 100644
--- a/src/testdir/test_window_cmd.vim
+++ b/src/testdir/test_window_cmd.vim
@@ -472,4 +472,15 @@
exe "norm! v\<C-W>:\<C-U>echo v:version"
endfunc
+func Test_access_freed_mem()
+ " This was accessing freed memory
+ au * 0 vs xxx
+ arg 0
+ argadd
+ all
+ all
+ au!
+ bwipe xxx
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index dad2715..e727c4a 100644
--- a/src/version.c
+++ b/src/version.c
@@ -772,6 +772,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1446,
+/**/
1445,
/**/
1444,
diff --git a/src/window.c b/src/window.c
index a58fbbd..669f3bd 100644
--- a/src/window.c
+++ b/src/window.c
@@ -2731,6 +2731,8 @@
if (frp2->fr_win != NULL)
frp2->fr_win->w_frame = frp2->fr_parent;
frp = frp2->fr_parent;
+ if (topframe->fr_child == frp2)
+ topframe->fr_child = frp;
vim_free(frp2);
frp2 = frp->fr_parent;
@@ -2754,6 +2756,8 @@
break;
}
}
+ if (topframe->fr_child == frp)
+ topframe->fr_child = frp2;
vim_free(frp);
}
}
@@ -3499,7 +3503,6 @@
topframe = curwin->w_frame;
topframe->fr_width = Columns;
topframe->fr_height = Rows - p_ch;
- topframe->fr_win = curwin;
return OK;
}
@@ -4812,7 +4815,12 @@
if (frp->fr_prev != NULL)
frp->fr_prev->fr_next = frp->fr_next;
else
+ {
frp->fr_parent->fr_child = frp->fr_next;
+ /* special case: topframe->fr_child == frp */
+ if (topframe->fr_child == frp)
+ topframe->fr_child = frp->fr_next;
+ }
if (frp->fr_next != NULL)
frp->fr_next->fr_prev = frp->fr_prev;
}