From 1c3dd8ddcba63c1af5112e567215b3cec2de11d0 Mon Sep 17 00:00:00 2001 From: Bram Moolenaar Date: Sat, 17 Sep 2022 19:43:23 +0100 Subject: [PATCH] patch 9.0.0490: using freed memory with cmdwin and BufEnter autocmd Problem: Using freed memory with cmdwin and BufEnter autocmd. Solution: Make sure pointer to b_p_iminsert is still valid. --- src/ex_getln.c | 6 +++++- src/testdir/test_cmdline.vim | 10 ++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/ex_getln.c b/src/ex_getln.c index 8383eee..b299bd0 100644 --- a/src/ex_getln.c +++ b/src/ex_getln.c @@ -817,6 +817,7 @@ getcmdline_int( #endif expand_T xpc; long *b_im_ptr = NULL; + buf_T *b_im_ptr_buf = NULL; // buffer where b_im_ptr is valid cmdline_info_T save_ccline; int did_save_ccline = FALSE; int cmdline_type; @@ -938,6 +939,7 @@ getcmdline_int( b_im_ptr = &curbuf->b_p_iminsert; else b_im_ptr = &curbuf->b_p_imsearch; + b_im_ptr_buf = curbuf; if (*b_im_ptr == B_IMODE_LMAP) State |= LANGMAP; #ifdef HAVE_INPUT_METHOD @@ -1666,6 +1668,7 @@ getcmdline_int( goto cmdline_not_changed; case Ctrl_HAT: + b_im_ptr = buf_valid(b_im_ptr_buf) ? b_im_ptr : NULL; if (map_to_exists_mode((char_u *)"", LANGMAP, FALSE)) { // ":lmap" mappings exists, toggle use of mappings. @@ -2430,7 +2433,8 @@ returncmd: State = save_State; #ifdef HAVE_INPUT_METHOD - if (b_im_ptr != NULL && *b_im_ptr != B_IMODE_LMAP) + if (b_im_ptr != NULL && buf_valid(b_im_ptr_buf) + && *b_im_ptr != B_IMODE_LMAP) im_save_status(b_im_ptr); im_set_active(FALSE); #endif diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim index 68852a7..c442d7f 100644 --- a/src/testdir/test_cmdline.vim +++ b/src/testdir/test_cmdline.vim @@ -952,4 +952,14 @@ func Test_cmdline_expand_special() call assert_fails('e ', 'E497:') endfunc +" This was using a pointer to a freed buffer +func Test_cmdwin_freed_buffer_ptr() + au BufEnter * next 0| file + edit 0 + silent! norm q/ + + au! BufEnter + bwipe! +endfunc + " vim: shiftwidth=2 sts=2 expandtab -- 2.27.0