/*
* Add file "fname" to argument list "al".
* "fname" must have been allocated and "al" must have been checked for room.
+ *
+ * May trigger Buf* autocommands
*/
void
alist_add(
if (check_arglist_locked() == FAIL)
return;
arglist_locked = TRUE;
+ curwin->w_locked = TRUE;
#ifdef BACKSLASH_IN_FILENAME
slash_adjust(fname);
++al->al_ga.ga_len;
arglist_locked = FALSE;
+ curwin->w_locked = FALSE;
}
#if defined(BACKSLASH_IN_FILENAME) || defined(PROTO)
mch_memmove(&(ARGLIST[after + count]), &(ARGLIST[after]),
(ARGCOUNT - after) * sizeof(aentry_T));
arglist_locked = TRUE;
+ curwin->w_locked = TRUE;
for (i = 0; i < count; ++i)
{
int flags = BLN_LISTED | (will_edit ? BLN_CURBUF : 0);
ARGLIST[after + i].ae_fnum = buflist_add(files[i], flags);
}
arglist_locked = FALSE;
+ curwin->w_locked = FALSE;
ALIST(curwin)->al_ga.ga_len += count;
if (old_argcount > 0 && curwin->w_arg_idx >= after)
curwin->w_arg_idx += count;
// (unless it's the only window). Repeat this so long as we end up in
// a window with this buffer.
while (buf == curbuf
- && !(curwin->w_closing || curwin->w_buffer->b_locked > 0)
+ && !(win_locked(curwin) || curwin->w_buffer->b_locked > 0)
&& (!ONE_WINDOW || first_tabpage->tp_next != NULL))
{
if (win_close(curwin, FALSE) == FAIL)
: wp->w_width != Columns)
|| (had_tab > 0 && wp != firstwin))
&& !ONE_WINDOW
- && !(wp->w_closing || wp->w_buffer->b_locked > 0)
+ && !(win_locked(wp) || wp->w_buffer->b_locked > 0)
&& !win_unlisted(wp))
{
if (win_close(wp, FALSE) == FAIL)
// Set the w_closing flag to avoid that autocommands close the
// window. And set b_locked for the same reason.
- the_curwin->w_closing = TRUE;
+ the_curwin->w_locked = TRUE;
++buf->b_locked;
if (curbuf == old_curbuf.br_buf)
// Autocommands may have closed the window.
if (win_valid(the_curwin))
- the_curwin->w_closing = FALSE;
+ the_curwin->w_locked = FALSE;
--buf->b_locked;
#ifdef FEAT_EVAL
int get_tab_number(tabpage_T *tp);
char *check_colorcolumn(win_T *wp);
int get_last_winid(void);
+int win_locked(win_T *wp);
/* vim: set ft=c : */
synblock_T *w_s; // for :ownsyntax
#endif
- int w_closing; // window is being closed, don't let
+ int w_locked; // window is being closed, don't let
// autocommands close it too.
frame_T *w_frame; // frame containing this window
if (is_aucmd_win(curwin))
do_set_w_closing = TRUE;
if (do_set_w_closing)
- curwin->w_closing = TRUE;
+ curwin->w_locked = TRUE;
do_bufdel(DOBUF_WIPE, (char_u *)"", 1, fnum, fnum, FALSE);
if (do_set_w_closing)
- curwin->w_closing = FALSE;
+ curwin->w_locked = FALSE;
aucmd_restbuf(&aco);
}
#ifdef FEAT_PROP_POPUP
call assert_equal('', argv(1, 100))
call assert_equal([], argv(-1, 100))
call assert_equal('', argv(10, -1))
+ %argdelete
endfunc
" Test for the :argedit command
%bw!
endfunc
+" Test for deleting buffer when creating an arglist. This was accessing freed
+" memory
+func Test_crash_arglist_uaf()
+ "%argdelete
+ new one
+ au BufAdd XUAFlocal :bw
+ "call assert_fails(':arglocal XUAFlocal', 'E163:')
+ arglocal XUAFlocal
+ au! BufAdd
+ bw! XUAFlocal
+
+ au BufAdd XUAFlocal2 :bw
+ new two
+ new three
+ arglocal
+ argadd XUAFlocal2 Xfoobar
+ bw! XUAFlocal2
+ bw! two
+
+ au! BufAdd
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 678,
/**/
677,
/**/
for (wp = firstwin; wp != NULL && !ONE_WINDOW; )
{
if (wp->w_buffer == buf && (!keep_curwin || wp != curwin)
- && !(wp->w_closing || wp->w_buffer->b_locked > 0))
+ && !(win_locked(wp) || wp->w_buffer->b_locked > 0))
{
if (win_close(wp, FALSE) == FAIL)
// If closing the window fails give up, to avoid looping
if (tp != curtab)
FOR_ALL_WINDOWS_IN_TAB(tp, wp)
if (wp->w_buffer == buf
- && !(wp->w_closing || wp->w_buffer->b_locked > 0))
+ && !(win_locked(wp) || wp->w_buffer->b_locked > 0))
{
win_close_othertab(wp, FALSE, tp);
bufref_T bufref;
set_bufref(&bufref, curbuf);
- win->w_closing = TRUE;
+ win->w_locked = TRUE;
close_buffer(win, win->w_buffer, action, abort_if_last, TRUE);
if (win_valid_any_tab(win))
- win->w_closing = FALSE;
+ win->w_locked = FALSE;
// Make sure curbuf is valid. It can become invalid if 'bufhidden' is
// "wipe".
if (!bufref_valid(&bufref))
if (window_layout_locked(CMD_close))
return FAIL;
- if (win->w_closing || (win->w_buffer != NULL
+ if (win_locked(win) || (win->w_buffer != NULL
&& win->w_buffer->b_locked > 0))
return FAIL; // window is already being closed
if (win_unlisted(win))
other_buffer = TRUE;
if (!win_valid(win))
return FAIL;
- win->w_closing = TRUE;
+ win->w_locked = TRUE;
apply_autocmds(EVENT_BUFLEAVE, NULL, NULL, FALSE, curbuf);
if (!win_valid(win))
return FAIL;
- win->w_closing = FALSE;
+ win->w_locked = FALSE;
if (last_window())
return FAIL;
}
- win->w_closing = TRUE;
+ win->w_locked = TRUE;
apply_autocmds(EVENT_WINLEAVE, NULL, NULL, FALSE, curbuf);
if (!win_valid(win))
return FAIL;
- win->w_closing = FALSE;
+ win->w_locked = FALSE;
if (last_window())
return FAIL;
#ifdef FEAT_EVAL
// Get here with win->w_buffer == NULL when win_close() detects the tab
// page changed.
- if (win->w_closing || (win->w_buffer != NULL
+ if (win_locked(win) || (win->w_buffer != NULL
&& win->w_buffer->b_locked > 0))
return; // window is already being closed
{
return last_win_id;
}
+
+/*
+ * Don't let autocommands close the given window
+ */
+ int
+win_locked(win_T *wp)
+{
+ return wp->w_locked;
+}
projects / thirdparty / vim.git / commitdiff
