To: vim_dev@googlegroups.com Subject: Patch 8.2.4281 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.4281 Problem: Using freed memory with :lopen and :bwipe. Solution: Do not use a wiped out buffer. Files: src/buffer.c, src/testdir/test_quickfix.vim *** ../vim-8.2.4280/src/buffer.c 2022-01-28 15:28:00.200927841 +0000 --- src/buffer.c 2022-02-01 13:52:22.188928452 +0000 *************** *** 1706,1711 **** --- 1706,1712 ---- #endif bufref_T newbufref; bufref_T prevbufref; + int valid; setpcmark(); if ((cmdmod.cmod_flags & CMOD_KEEPALT) == 0) *************** *** 1763,1775 **** // An autocommand may have deleted "buf", already entered it (e.g., when // it did ":bunload") or aborted the script processing. // If curwin->w_buffer is null, enter_buffer() will make it valid again ! if ((buf_valid(buf) && buf != curbuf #ifdef FEAT_EVAL && !aborting() #endif ) || curwin->w_buffer == NULL) { ! enter_buffer(buf); #ifdef FEAT_SYN_HL if (old_tw != curbuf->b_p_tw) check_colorcolumn(curwin); --- 1764,1782 ---- // An autocommand may have deleted "buf", already entered it (e.g., when // it did ":bunload") or aborted the script processing. // If curwin->w_buffer is null, enter_buffer() will make it valid again ! valid = buf_valid(buf); ! if ((valid && buf != curbuf #ifdef FEAT_EVAL && !aborting() #endif ) || curwin->w_buffer == NULL) { ! // If the buffer is not valid but curwin->w_buffer is NULL we must ! // enter some buffer. Using the last one is hopefully OK. ! if (!valid) ! enter_buffer(lastbuf); ! else ! enter_buffer(buf); #ifdef FEAT_SYN_HL if (old_tw != curbuf->b_p_tw) check_colorcolumn(curwin); *************** *** 2288,2295 **** clear_string_option(&buf->b_p_vsts); vim_free(buf->b_p_vsts_nopaste); buf->b_p_vsts_nopaste = NULL; ! vim_free(buf->b_p_vsts_array); ! buf->b_p_vsts_array = NULL; clear_string_option(&buf->b_p_vts); VIM_CLEAR(buf->b_p_vts_array); #endif --- 2295,2301 ---- clear_string_option(&buf->b_p_vsts); vim_free(buf->b_p_vsts_nopaste); buf->b_p_vsts_nopaste = NULL; ! VIM_CLEAR(buf->b_p_vsts_array); clear_string_option(&buf->b_p_vts); VIM_CLEAR(buf->b_p_vts_array); #endif *** ../vim-8.2.4280/src/testdir/test_quickfix.vim 2022-01-29 21:45:30.485921485 +0000 --- src/testdir/test_quickfix.vim 2022-02-01 13:50:21.562719876 +0000 *************** *** 979,984 **** --- 979,985 ---- call assert_fails('lrewind', 'E924:') augroup! testgroup + delfunc R endfunc func Test_locationlist_cross_tab_jump() *************** *** 5835,5838 **** --- 5836,5855 ---- %bw! endfunc + " Weird sequence of commands that caused entering a wiped-out buffer + func Test_lopen_bwipe() + func R() + silent! tab lopen + e x + silent! lfile + endfunc + + cal R() + cal R() + cal R() + bw! + delfunc R + endfunc + + " vim: shiftwidth=2 sts=2 expandtab *** ../vim-8.2.4280/src/version.c 2022-02-01 12:47:03.775540464 +0000 --- src/version.c 2022-02-01 13:43:37.212714666 +0000 *************** *** 748,749 **** --- 748,751 ---- { /* Add new patch number below this line */ + /**/ + 4281, /**/ -- Are leaders born or made? And if they're made, can we return them under warranty? (Scott Adams - The Dilbert principle) /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///