patch 8.1.2136: using freed memory with autocmd from fuzzer
Problem: using freed memory with autocmd from fuzzer. (Dhiraj Mishra,
Dominique Pelle)
Solution: Avoid using "wp" after autocommands. (closes #5041)
diff --git a/src/testdir/test_autocmd.vim b/src/testdir/test_autocmd.vim
index fe77bf5..1e53fe4 100644
--- a/src/testdir/test_autocmd.vim
+++ b/src/testdir/test_autocmd.vim
@@ -2288,3 +2288,11 @@
call StopVimInTerminal(buf)
call delete(filename)
endfunc
+
+func Test_autocmd_was_using_freed_memory()
+ pedit xx
+ n x
+ au WinEnter * quit
+ split
+ au! WinEnter
+endfunc
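Review bot: The test leaves state behind. `au WinEnter * quit` is installed outside any group and is removed only on the last line, so if `split` aborts the function the autocommand stays active for every later test. The `xx` and `x` buffers and the preview window are also never closed. Defining the autocommand inside its own `augroup` would let `au!` clear only this test's entry, and the function could end with cleanup such as `pclose` and `bwipe! xx` / `bwipe! x`. Since the function has no assertions, a one-line comment saying it passes when Vim neither crashes nor reports an invalid memory access would explain the intent.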
diff --git a/src/version.c b/src/version.c
index f22db55..46bd1b1 100644
--- a/src/version.c
+++ b/src/version.c
@@ -754,6 +754,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 2136,
+/**/
2135,
/**/
2134,
diff --git a/src/window.c b/src/window.c
index 0fda9f0..fb8a5a7 100644
--- a/src/window.c
+++ b/src/window.c
@@ -4641,6 +4641,7 @@
#ifdef FEAT_JOB_CHANNEL
entering_window(curwin);
#endif
+ // Careful: autocommands may close the window and make "wp" invalid
if (trigger_new_autocmds)
apply_autocmds(EVENT_WINNEW, NULL, NULL, FALSE, curbuf);
if (trigger_enter_autocmds)
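Review bot: The new comment documents the hazard but nothing enforces it. `wp` stays in scope for the rest of the function and may point at a freed window once any of the `apply_autocmds()` calls has run. The next hunk fixes the one read in `bt_terminal()`, but the function continues outside both hunks, so other later uses of `wp` cannot be ruled out from here. Provided nothing afterwards needs the original value, adding `wp = NULL;` right after the last autocommand call would turn a future slip into an immediate, easily diagnosed fault instead of a read of freed memory. The comment could also name the replacement, for example `// Careful: autocommands may close the window and make "wp" invalid; use "curwin" from here on`.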
@@ -4655,7 +4656,7 @@
#endif
curwin->w_redr_status = TRUE;
#ifdef FEAT_TERMINAL
- if (bt_terminal(wp->w_buffer))
+ if (bt_terminal(curwin->w_buffer))
// terminal is likely in another mode
redraw_mode = TRUE;
#endif