From 8ecfa2c56b4992c7f067b92488aa9acea5a454ad Mon Sep 17 00:00:00 2001 From: Bram Moolenaar Date: Wed, 21 Sep 2022 13:07:22 +0100 Subject: [PATCH] patch 9.0.0530: using freed memory when autocmd changes mark Problem: Using freed memory when autocmd changes mark. Solution: Copy the mark before editing another buffer. --- src/mark.c | 12 +++++++----- src/testdir/test_marks.vim | 13 +++++++++++++ src/version.c | 2 ++ 3 files changed, 22 insertions(+), 5 deletions(-) --- a/src/mark.c +++ b/src/mark.c @@ -252,17 +252,19 @@ movemark(int count) fname2fnum(jmp); if (jmp->fmark.fnum != curbuf->b_fnum) { - /* jump to other file */ - if (buflist_findnr(jmp->fmark.fnum) == NULL) + /* Make a copy, an autocommand may make "jmp" invalid. */ + fmark_T fmark = jmp->fmark; + + /* jump to the file with the mark */ + if (buflist_findnr(fmark.fnum) == NULL) { /* Skip this one .. */ count += count < 0 ? -1 : 1; continue; } - if (buflist_getfile(jmp->fmark.fnum, jmp->fmark.mark.lnum, - 0, FALSE) == FAIL) + if (buflist_getfile(fmark.fnum, fmark.mark.lnum, 0, FALSE) == FAIL) return (pos_T *)NULL; /* Set lnum again, autocommands my have changed it */ - curwin->w_cursor = jmp->fmark.mark; + curwin->w_cursor = fmark.mark; pos = (pos_T *)-1; } else --- a/src/testdir/test_marks.vim +++ b/src/testdir/test_marks.vim @@ -174,3 +174,16 @@ func Test_mark_error() call assert_fails('mark xx', 'E488:') call assert_fails('mark _', 'E191:') endfunc +" This was using freed memory +func Test_jump_mark_autocmd() + next 00 + edit 0 + sargument + au BufEnter 0 all + sil norm  + + au! BufEnter + bwipe! +endfunc + + --- a/src/version.c +++ b/src/version.c @@ -2619,6 +2619,7 @@ static char *(extra_patches[]) = "8.2.3409", "8.2.3428", "9.0.0490", + "9.0.0530", /**/ NULL };
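Review bot: The copied `fmark.mark` is written to `curwin->w_cursor` after `buflist_getfile()` without checking that it is still valid for the buffer and window that are current at that point. The same autocommands that could free `jmp` can presumably also switch buffers or delete lines, so the saved line number may lie beyond the end of the buffer. Unless every caller already clamps the cursor, add `check_cursor();` after the assignment, or return early when `curbuf->b_fnum != fmark.fnum`. The copy only protects reads inside this block, and movemark() starts and ends outside the hunk, so any later dereference of `jmp` after this call needs the same check. The context comment also has a typo: `my` should be `may`.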
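Review bot: Test_jump_mark_autocmd() has no assertion, so it only catches a regression when the suite runs under a memory checker; the leading comment should say so, for example `" This was using freed memory; only detected under valgrind/ASan`. The `au BufEnter 0 all` autocommand is defined outside an augroup and cleared with `au! BufEnter`, which removes every BufEnter autocommand and is skipped entirely if the `norm` line throws. Putting the body in `try`/`finally` with a dedicated augroup would keep later tests isolated. The argument of `sil norm` appears to be raw control characters that are not visible on this page; spelling them with `exe "norm \<...>"` key notation would keep the reproduction readable.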