Patch 8.2.4281

[Bram Moolenaar]

Patch 8.2.4281
Problem: Using freed memory with :lopen and :bwipe.
Solution: Do not use a wiped out buffer.
Files: src/buffer.c, src/testdir/test_quickfix.vim


*** ../vim-8.2.4280/src/buffer.c 2022-01-28 15:28:00.200927841 +0000
--- src/buffer.c 2022-02-01 13:52:22.188928452 +0000
***************
*** 1706,1711 ****
--- 1706,1712 ----
#endif
bufref_T newbufref;
bufref_T prevbufref;
+ int valid;

setpcmark();
if ((cmdmod.cmod_flags & CMOD_KEEPALT) == 0)
***************
*** 1763,1775 ****
// An autocommand may have deleted "buf", already entered it (e.g., when
// it did ":bunload") or aborted the script processing.
// If curwin->w_buffer is null, enter_buffer() will make it valid again
! if ((buf_valid(buf) && buf != curbuf
#ifdef FEAT_EVAL
&& !aborting()
#endif
) || curwin->w_buffer == NULL)
{
! enter_buffer(buf);
#ifdef FEAT_SYN_HL
if (old_tw != curbuf->b_p_tw)
check_colorcolumn(curwin);
--- 1764,1782 ----
// An autocommand may have deleted "buf", already entered it (e.g., when
// it did ":bunload") or aborted the script processing.
// If curwin->w_buffer is null, enter_buffer() will make it valid again
! valid = buf_valid(buf);
! if ((valid && buf != curbuf
#ifdef FEAT_EVAL
&& !aborting()
#endif
) || curwin->w_buffer == NULL)
{
! // If the buffer is not valid but curwin->w_buffer is NULL we must
! // enter some buffer. Using the last one is hopefully OK.
! if (!valid)
! enter_buffer(lastbuf);
! else
! enter_buffer(buf);
#ifdef FEAT_SYN_HL
if (old_tw != curbuf->b_p_tw)
check_colorcolumn(curwin);
***************
*** 2288,2295 ****
clear_string_option(&buf->b_p_vsts);
vim_free(buf->b_p_vsts_nopaste);
buf->b_p_vsts_nopaste = NULL;
! vim_free(buf->b_p_vsts_array);
! buf->b_p_vsts_array = NULL;
clear_string_option(&buf->b_p_vts);
VIM_CLEAR(buf->b_p_vts_array);
#endif
--- 2295,2301 ----
clear_string_option(&buf->b_p_vsts);
vim_free(buf->b_p_vsts_nopaste);
buf->b_p_vsts_nopaste = NULL;
! VIM_CLEAR(buf->b_p_vsts_array);
clear_string_option(&buf->b_p_vts);
VIM_CLEAR(buf->b_p_vts_array);
#endif
*** ../vim-8.2.4280/src/testdir/test_quickfix.vim 2022-01-29 21:45:30.485921485 +0000
--- src/testdir/test_quickfix.vim 2022-02-01 13:50:21.562719876 +0000
***************
*** 979,984 ****
--- 979,985 ----
call assert_fails('lrewind', 'E924:')

augroup! testgroup
+ delfunc R
endfunc

func Test_locationlist_cross_tab_jump()
***************
*** 5835,5838 ****
--- 5836,5855 ----
%bw!
endfunc

+ " Weird sequence of commands that caused entering a wiped-out buffer
+ func Test_lopen_bwipe()
+ func R()
+ silent! tab lopen
+ e x
+ silent! lfile
+ endfunc
+
+ cal R()
+ cal R()
+ cal R()
+ bw!
+ delfunc R
+ endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab
*** ../vim-8.2.4280/src/version.c 2022-02-01 12:47:03.775540464 +0000
--- src/version.c 2022-02-01 13:43:37.212714666 +0000
***************
*** 748,749 ****
--- 748,751 ----
{ /* Add new patch number below this line */
+ /**/
+ 4281,
/**/

--
Are leaders born or made? And if they're made, can we return them under
warranty?
(Scott Adams - The Dilbert principle)

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///