patch 8.1.2136: using freed memory with autocmd from fuzzer

Problem:    using freed memory with autocmd from fuzzer. (Dhiraj Mishra,
            Dominique Pelle)
Solution:   Avoid using "wp" after autocommands. (closes #5041)
This commit is contained in:
Bram Moolenaar
2019-10-11 21:19:13 +02:00
parent 00eab7f128
commit ec66c41d84
3 changed files with 12 additions and 1 deletions

View File

@ -2288,3 +2288,11 @@ func Test_autocmd_CmdWinEnter()
call StopVimInTerminal(buf)
call delete(filename)
endfunc
func Test_autocmd_was_using_freed_memory()
pedit xx
n x
au WinEnter * quit
split
au! WinEnter
endfunc

View File

@ -753,6 +753,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
2136,
/**/
2135,
/**/

View File

@ -4641,6 +4641,7 @@ win_enter_ext(
#ifdef FEAT_JOB_CHANNEL
entering_window(curwin);
#endif
// Careful: autocommands may close the window and make "wp" invalid
if (trigger_new_autocmds)
apply_autocmds(EVENT_WINNEW, NULL, NULL, FALSE, curbuf);
if (trigger_enter_autocmds)
@ -4655,7 +4656,7 @@ win_enter_ext(
#endif
curwin->w_redr_status = TRUE;
#ifdef FEAT_TERMINAL
if (bt_terminal(wp->w_buffer))
if (bt_terminal(curwin->w_buffer))
// terminal is likely in another mode
redraw_mode = TRUE;
#endif