Fix potential crash when executing commands in bindings

The function run_prompt_command may reallocate the run_request,
invalidating the pointer to the current request if it was inside
run_request. The resulting use-after-free would cause occasional crashes.

Fixes #1001

include/tig/prompt.h

@@ -53,7 +53,7 @@ bool prompt_menu(const char *prompt, const struct menu_item *items, int *selecte
 
 enum request run_prompt_command(struct view *view, const char *argv[]);
 enum request open_prompt(struct view *view);
-enum request exec_run_request(struct view *view, struct run_request *req);
+enum request exec_run_request(struct view *view, enum request request, struct run_request *req);
 
 #endif
 /* vim: set ts=8 sw=8 noexpandtab: */

src/prompt.c

@@ -1013,7 +1013,7 @@ run_prompt_command(struct view *view, const char *argv[])
 			argv[1] = cmd;
 			report("Failed to execute command: %s", get_status_message(code));
 		} else {
-			request = exec_run_request(view, &req);
+			request = exec_run_request(view, REQ_UNKNOWN, &req);
 			argv[1] = cmd;
 			return request;
 		}
@@ -1088,7 +1088,7 @@ run_prompt_command(struct view *view, const char *argv[])
 }
 
 enum request
-exec_run_request(struct view *view, struct run_request *req)
+exec_run_request(struct view *view, enum request request, struct run_request *req)
 {
 	const char **argv = NULL;
 	bool confirmed = false;
@@ -1108,6 +1108,10 @@ exec_run_request(struct view *view, struct run_request *req)
 	if (req->flags.internal) {
 		result_request = run_prompt_command(view, argv);
 
+		if (request != REQ_UNKNOWN) {
+			req = get_run_request(request);
+		}
+
 	} else {
 		confirmed = !req->flags.confirm;
 

src/tig.c

@@ -140,7 +140,7 @@ open_run_request(struct view *view, enum request request)
 		return REQ_NONE;
 	}
 
-	return exec_run_request(view, req);
+	return exec_run_request(view, request, req);
 }
 
 /*