To: vim_dev@googlegroups.com
Subject: Patch 8.2.5079
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------

Patch 8.2.5079
Problem:    DirChanged autocommand may use freed memory. (Shane-XB Qian)
Solution:   Free the memory later. (closes #10555)
Files:      src/ex_docmd.c, src/testdir/test_autocmd.vim


*** ../vim-8.2.5078/src/ex_docmd.c	2022-06-06 15:38:10.867573392 +0100
--- src/ex_docmd.c	2022-06-12 11:48:22.364607423 +0100
***************
*** 7525,7530 ****
--- 7525,7531 ----
      int		dir_differs;
      char_u	*acmd_fname = NULL;
      char_u	**pp;
+     char_u	*tofree;
  
      if (new_dir == NULL || allbuf_locked())
  	return FALSE;
***************
*** 7601,7613 ****
  	pp = &curtab->tp_prevdir;
      else
  	pp = &prev_dir;
!     vim_free(*pp);
      *pp = pdir;
  
      post_chdir(scope);
  
      if (dir_differs)
  	apply_autocmds(EVENT_DIRCHANGED, acmd_fname, new_dir, FALSE, curbuf);
      return TRUE;
  }
  
--- 7602,7615 ----
  	pp = &curtab->tp_prevdir;
      else
  	pp = &prev_dir;
!     tofree = *pp;  // new_dir may use this
      *pp = pdir;
  
      post_chdir(scope);
  
      if (dir_differs)
  	apply_autocmds(EVENT_DIRCHANGED, acmd_fname, new_dir, FALSE, curbuf);
+     vim_free(tofree);
      return TRUE;
  }
  
*** ../vim-8.2.5078/src/testdir/test_autocmd.vim	2022-06-03 17:39:43.234182363 +0100
--- src/testdir/test_autocmd.vim	2022-06-12 11:42:51.936577684 +0100
***************
*** 2107,2112 ****
--- 2107,2119 ----
    call assert_equal(expected, s:li)
    exe 'lcd ' .. fnameescape(s:dir_bar)
    call assert_equal(expected, s:li)
+ 
+   exe 'cd ' .. s:dir_foo
+   exe 'cd ' .. s:dir_bar
+   autocmd! test_dirchanged DirChanged global let g:result = expand("<afile>")
+   cd -
+   call assert_equal(s:dir_foo, g:result)
+ 
    call s:After_test_dirchanged()
  endfunc
  
*** ../vim-8.2.5078/src/version.c	2022-06-12 11:12:58.948404646 +0100
--- src/version.c	2022-06-12 11:38:54.668554972 +0100
***************
*** 736,737 ****
--- 736,739 ----
  {   /* Add new patch number below this line */
+ /**/
+     5079,
  /**/

-- 
BRIDGEKEEPER: What is the air-speed velocity of an unladen swallow?
ARTHUR:       What do you mean?  An African or European swallow?
BRIDGEKEEPER: Er ...  I don't know that ... Aaaaarrrrrrggghhh!
   BRIDGEKEEPER is cast into the gorge.
                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///