vim-patch:8.0.1446: acessing freed memory after window command in auto command

Problem:    Acessing freed memory after window command in auto command.
            (gy741)
Solution:   Adjust the pointer in the parent frame. (Christian Brabandt,
            closes vim/vim#2467)
6f361c9912

src/nvim/testdir/test_window_cmd.vim

@@ -455,4 +455,15 @@ func Test_window_contents()
   call test_garbagecollect_now()
 endfunc
 
+func Test_access_freed_mem()
+  " This was accessing freed memory
+  au * 0 vs xxx
+  arg 0
+  argadd
+  all
+  all
+  au!
+  bwipe xxx
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab

src/nvim/window.c

@@ -2296,6 +2296,9 @@ winframe_remove (
     if (frp2->fr_win != NULL)
       frp2->fr_win->w_frame = frp2->fr_parent;
     frp = frp2->fr_parent;
+    if (topframe->fr_child == frp2) {
+      topframe->fr_child = frp;
+    }
     xfree(frp2);
 
     frp2 = frp->fr_parent;
@@ -2317,6 +2320,9 @@ winframe_remove (
           break;
         }
       }
+      if (topframe->fr_child == frp) {
+        topframe->fr_child = frp2;
+      }
       xfree(frp);
     }
   }
@@ -2959,7 +2965,6 @@ static int win_alloc_firstwin(win_T *oldwin)
   topframe = curwin->w_frame;
   topframe->fr_width = Columns;
   topframe->fr_height = Rows - p_ch;
-  topframe->fr_win = curwin;
 
   return OK;
 }
@@ -4017,12 +4022,18 @@ static void frame_insert(frame_T *before, frame_T *frp)
  */
 static void frame_remove(frame_T *frp)
 {
-  if (frp->fr_prev != NULL)
+  if (frp->fr_prev != NULL) {
     frp->fr_prev->fr_next = frp->fr_next;
-  else
+  } else {
     frp->fr_parent->fr_child = frp->fr_next;
-  if (frp->fr_next != NULL)
+    // special case: topframe->fr_child == frp
+    if (topframe->fr_child == frp) {
+      topframe->fr_child = frp->fr_next;
+    }
+  }
+  if (frp->fr_next != NULL) {
     frp->fr_next->fr_prev = frp->fr_prev;
+  }
 }