patch 9.0.0530: using freed memory when autocmd changes mark Problem: Using freed memory when autocmd changes mark. Solution: Copy the mark before editing another buffer.

commit: 8ecfa2c56b4992c7f067b92488aa9acea5a454ad [log] [tgz]
author: Bram Moolenaar <Bram@vim.org> Wed Sep 21 13:07:22 2022 +0100
committer: Bram Moolenaar <Bram@vim.org> Wed Sep 21 13:07:22 2022 +0100
tree: f79aedf5dddb4c60237419c1f18b8e3b2ca09a9d
parent: 8eaee1fa5c0ce474132a04e1b70b73c49c41cc45 [diff] [blame]
diff --git a/src/mark.c b/src/mark.c
index ade5a10..584db03 100644
--- a/src/mark.c
+++ b/src/mark.c

@@ -221,17 +221,19 @@
 	    fname2fnum(jmp);
 	if (jmp->fmark.fnum != curbuf->b_fnum)
 	{
-	    // jump to other file
-	    if (buflist_findnr(jmp->fmark.fnum) == NULL)
+	    // Make a copy, an autocommand may make "jmp" invalid.
+	    fmark_T fmark = jmp->fmark;
+
+	    // jump to the file with the mark
+	    if (buflist_findnr(fmark.fnum) == NULL)
 	    {					     // Skip this one ..
 		count += count < 0 ? -1 : 1;
 		continue;
 	    }
-	    if (buflist_getfile(jmp->fmark.fnum, jmp->fmark.mark.lnum,
-							    0, FALSE) == FAIL)
+	    if (buflist_getfile(fmark.fnum, fmark.mark.lnum, 0, FALSE) == FAIL)
 		return (pos_T *)NULL;
 	    // Set lnum again, autocommands my have changed it
-	    curwin->w_cursor = jmp->fmark.mark;
+	    curwin->w_cursor = fmark.mark;
 	    pos = (pos_T *)-1;
 	}
 	else
commit	8ecfa2c56b4992c7f067b92488aa9acea5a454ad	[log] [tgz]
author	Bram Moolenaar <Bram@vim.org>	Wed Sep 21 13:07:22 2022 +0100
committer	Bram Moolenaar <Bram@vim.org>	Wed Sep 21 13:07:22 2022 +0100
tree	f79aedf5dddb4c60237419c1f18b8e3b2ca09a9d
parent	8eaee1fa5c0ce474132a04e1b70b73c49c41cc45 [diff] [blame]