File _service:tar_scm:backport-CVE-2024-41965.patch of Package vim

From b29f4abcd4b3382fa746edd1d0562b7b48c9de60 Mon Sep 17 00:00:00 2001
From: Christian Brabandt <cb@256bit.org>
Date: Thu, 1 Aug 2024 22:10:28 +0200
Subject: [PATCH] patch 9.1.0648: [security] double-free in dialog_changed()

Problem:  [security] double-free in dialog_changed()
          (SuyueGuo)
Solution: Only clear pointer b_sfname pointer, if it is different
          than the b_ffname pointer.  Don't try to free b_fname,
          set it to NULL instead.

fixes: #15403

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f

Signed-off-by: Christian Brabandt <cb@256bit.org>
---
 src/ex_cmds2.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ex_cmds2.c b/src/ex_cmds2.c
index ce30b8d39..0d76b3b27 100644
--- a/src/ex_cmds2.c
+++ b/src/ex_cmds2.c
@@ -197,9 +197,11 @@ dialog_changed(
 	// restore to empty when write failed
 	if (empty_bufname)
 	{
-	    VIM_CLEAR(buf->b_fname);
+	    // prevent double free
+	    if (buf->b_sfname != buf->b_ffname)
+		VIM_CLEAR(buf->b_sfname);
+	    buf->b_fname = NULL;
 	    VIM_CLEAR(buf->b_ffname);
-	    VIM_CLEAR(buf->b_sfname);
 	    unchanged(buf, TRUE, FALSE);
 	}
     }
-- 
2.33.0