To: vim_dev@googlegroups.com Subject: Patch 8.0.0782 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.0.0782 Problem: Using freed memory in quickfix code. (Dominique Pelle) Solution: Handle a help window differently. (Yegappan Lakshmanan) Files: src/buffer.c, src/proto/buffer.pro, src/quickfix.c, src/testdir/test_quickfix.vim, src/ex_cmds.c, src/window.c *** ../vim-8.0.0781/src/buffer.c 2017-07-25 23:31:06.886518504 +0200 --- src/buffer.c 2017-07-27 21:55:43.058120316 +0200 *************** *** 249,255 **** netbeansFireChanges = oldFire; #endif /* Help buffer is filtered. */ ! if (curbuf->b_help) fix_help_buffer(); } else if (read_stdin) --- 249,255 ---- netbeansFireChanges = oldFire; #endif /* Help buffer is filtered. */ ! if (bt_help(curbuf)) fix_help_buffer(); } else if (read_stdin) *************** *** 5669,5674 **** --- 5669,5683 ---- } /* + * Return TRUE if "buf" is a help buffer. + */ + int + bt_help(buf_T *buf) + { + return buf != NULL && buf->b_help; + } + + /* * Return TRUE if "buf" is a "nofile", "acwrite" or "terminal" buffer. * This means the buffer name is not a file name. */ *** ../vim-8.0.0781/src/proto/buffer.pro 2017-07-25 23:31:06.886518504 +0200 --- src/proto/buffer.pro 2017-07-27 21:49:01.016972132 +0200 *************** *** 55,60 **** --- 55,61 ---- void write_viminfo_bufferlist(FILE *fp); int bt_quickfix(buf_T *buf); int bt_terminal(buf_T *buf); + int bt_help(buf_T *buf); int bt_nofile(buf_T *buf); int bt_dontwrite(buf_T *buf); int bt_dontwrite_msg(buf_T *buf); *** ../vim-8.0.0781/src/quickfix.c 2017-07-25 23:31:06.886518504 +0200 --- src/quickfix.c 2017-07-27 21:57:20.145432236 +0200 *************** *** 2101,2107 **** /* * For ":helpgrep" find a help window or open one. */ ! if (qf_ptr->qf_type == 1 && (!curwin->w_buffer->b_help || cmdmod.tab != 0)) { win_T *wp; --- 2101,2107 ---- /* * For ":helpgrep" find a help window or open one. */ ! if (qf_ptr->qf_type == 1 && (!bt_help(curwin->w_buffer) || cmdmod.tab != 0)) { win_T *wp; *************** *** 2109,2115 **** wp = NULL; else FOR_ALL_WINDOWS(wp) ! if (wp->w_buffer != NULL && wp->w_buffer->b_help) break; if (wp != NULL && wp->w_buffer->b_nwindows > 0) win_enter(wp, TRUE); --- 2109,2115 ---- wp = NULL; else FOR_ALL_WINDOWS(wp) ! if (bt_help(wp->w_buffer)) break; if (wp != NULL && wp->w_buffer->b_nwindows > 0) win_enter(wp, TRUE); *************** *** 5343,5352 **** if (eap->cmdidx == CMD_lhelpgrep) { ! /* Find an existing help window */ ! FOR_ALL_WINDOWS(wp) ! if (wp->w_buffer != NULL && wp->w_buffer->b_help) ! break; if (wp == NULL) /* Help window not found */ qi = NULL; --- 5343,5356 ---- if (eap->cmdidx == CMD_lhelpgrep) { ! /* If the current window is a help window, then use it */ ! if (bt_help(curwin->w_buffer)) ! wp = curwin; ! else ! /* Find an existing help window */ ! FOR_ALL_WINDOWS(wp) ! if (bt_help(wp->w_buffer)) ! break; if (wp == NULL) /* Help window not found */ qi = NULL; *************** *** 5515,5521 **** { /* If the help window is not opened or if it already points to the * correct location list, then free the new location list. */ ! if (!curwin->w_buffer->b_help || curwin->w_llist == qi) { if (new_qi) ll_free_all(&qi); --- 5519,5525 ---- { /* If the help window is not opened or if it already points to the * correct location list, then free the new location list. */ ! if (!bt_help(curwin->w_buffer) || curwin->w_llist == qi) { if (new_qi) ll_free_all(&qi); *** ../vim-8.0.0781/src/testdir/test_quickfix.vim 2017-07-19 17:05:55.179185982 +0200 --- src/testdir/test_quickfix.vim 2017-07-27 21:49:01.020972103 +0200 *************** *** 2287,2289 **** --- 2287,2303 ---- call Xchangedtick_tests('c') call Xchangedtick_tests('l') endfunc + + " Open multiple help windows using ":lhelpgrep + " This test used to crash Vim + func Test_Multi_LL_Help() + new | only + lhelpgrep window + lopen + e# + lhelpgrep buffer + call assert_equal(3, winnr('$')) + call assert_true(len(getloclist(1)) != 0) + call assert_true(len(getloclist(2)) != 0) + new | only + endfunc *** ../vim-8.0.0781/src/ex_cmds.c 2017-07-15 19:22:33.646179881 +0200 --- src/ex_cmds.c 2017-07-27 21:56:19.121864696 +0200 *************** *** 6314,6320 **** * Re-use an existing help window or open a new one. * Always open a new one for ":tab help". */ ! if (!curwin->w_buffer->b_help #ifdef FEAT_WINDOWS || cmdmod.tab != 0 #endif --- 6314,6320 ---- * Re-use an existing help window or open a new one. * Always open a new one for ":tab help". */ ! if (!bt_help(curwin->w_buffer) #ifdef FEAT_WINDOWS || cmdmod.tab != 0 #endif *************** *** 6325,6331 **** wp = NULL; else FOR_ALL_WINDOWS(wp) ! if (wp->w_buffer != NULL && wp->w_buffer->b_help) break; if (wp != NULL && wp->w_buffer->b_nwindows > 0) win_enter(wp, TRUE); --- 6325,6331 ---- wp = NULL; else FOR_ALL_WINDOWS(wp) ! if (bt_help(wp->w_buffer)) break; if (wp != NULL && wp->w_buffer->b_nwindows > 0) win_enter(wp, TRUE); *************** *** 6425,6431 **** FOR_ALL_WINDOWS(win) { ! if (win->w_buffer->b_help) { win_close(win, FALSE); return; --- 6425,6431 ---- FOR_ALL_WINDOWS(win) { ! if (bt_help(win->w_buffer)) { win_close(win, FALSE); return; *** ../vim-8.0.0781/src/window.c 2017-06-26 09:59:30.573041754 +0200 --- src/window.c 2017-07-27 21:58:28.732946283 +0200 *************** *** 2314,2320 **** /* When closing the help window, try restoring a snapshot after closing * the window. Otherwise clear the snapshot, it's now invalid. */ ! if (win->w_buffer != NULL && win->w_buffer->b_help) help_window = TRUE; else clear_snapshot(curtab, SNAP_HELP_IDX); --- 2314,2320 ---- /* When closing the help window, try restoring a snapshot after closing * the window. Otherwise clear the snapshot, it's now invalid. */ ! if (bt_help(win->w_buffer)) help_window = TRUE; else clear_snapshot(curtab, SNAP_HELP_IDX); *************** *** 2397,2403 **** && (last_window() || curtab != prev_curtab || close_last_window_tabpage(win, free_buf, prev_curtab))) { ! /* Autocommands have close all windows, quit now. Restore * curwin->w_buffer, otherwise writing viminfo may fail. */ if (curwin->w_buffer == NULL) curwin->w_buffer = curbuf; --- 2397,2403 ---- && (last_window() || curtab != prev_curtab || close_last_window_tabpage(win, free_buf, prev_curtab))) { ! /* Autocommands have closed all windows, quit now. Restore * curwin->w_buffer, otherwise writing viminfo may fail. */ if (curwin->w_buffer == NULL) curwin->w_buffer = curbuf; *************** *** 6479,6485 **** FOR_ALL_WINDOWS(wp) if (wp->w_buffer != NULL ! && (!((wp->w_buffer->b_help && !curbuf->b_help) # ifdef FEAT_QUICKFIX || wp->w_p_pvw # endif --- 6479,6485 ---- FOR_ALL_WINDOWS(wp) if (wp->w_buffer != NULL ! && (!((bt_help(wp->w_buffer) && !bt_help(curbuf)) # ifdef FEAT_QUICKFIX || wp->w_p_pvw # endif *** ../vim-8.0.0781/src/version.c 2017-07-27 21:46:38.389969291 +0200 --- src/version.c 2017-07-27 21:50:41.480259242 +0200 *************** *** 771,772 **** --- 771,774 ---- { /* Add new patch number below this line */ + /**/ + 782, /**/ -- We're knights of the Round Table Our shows are formidable But many times We're given rhymes That are quite unsingable We're opera mad in Camelot We sing from the diaphragm a lot. "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///