patch 8.2.3476: renaming a buffer on startup may cause using freed memory Problem: Renaming a buffer on startup may cause using freed memory. Solution: Check if the buffer is used in a window. (closes #8955)

commit: d3710cf01ef6ab1b2f233866ff01dab76686f642 [log] [tgz]
author: Bram Moolenaar <Bram@vim.org> Mon Oct 04 23:13:13 2021 +0100
committer: Bram Moolenaar <Bram@vim.org> Mon Oct 04 23:13:13 2021 +0100
tree: 28e2058098833e3f613c0ecf75733ee4e0cc1627
parent: 08d7b1c82866a61b61a55e55b6c190dba04e54ea [diff] [blame]
diff --git a/src/buffer.c b/src/buffer.c
index 5616487..bcbdf83 100644
--- a/src/buffer.c
+++ b/src/buffer.c

@@ -3399,7 +3399,17 @@
 #endif
 	if (obuf != NULL && obuf != buf)
 	{
-	    if (obuf->b_ml.ml_mfp != NULL)	// it's loaded, fail
+	    win_T	*win;
+	    tabpage_T   *tab;
+	    int		in_use = FALSE;
+
+	    // during startup a window may use a buffer that is not loaded yet
+	    FOR_ALL_TAB_WINDOWS(tab, win)
+		if (win->w_buffer == obuf)
+		    in_use = TRUE;
+
+	    // it's loaded or used in a window, fail
+	    if (obuf->b_ml.ml_mfp != NULL || in_use)
 	    {
 		if (message)
 		    emsg(_("E95: Buffer with this name already exists"));
commit	d3710cf01ef6ab1b2f233866ff01dab76686f642	[log] [tgz]
author	Bram Moolenaar <Bram@vim.org>	Mon Oct 04 23:13:13 2021 +0100
committer	Bram Moolenaar <Bram@vim.org>	Mon Oct 04 23:13:13 2021 +0100
tree	28e2058098833e3f613c0ecf75733ee4e0cc1627
parent	08d7b1c82866a61b61a55e55b6c190dba04e54ea [diff] [blame]