diff options
| author | erw7 <erw7.github@gmail.com> | 2017-03-29 21:39:58 +0900 |
|---|---|---|
| committer | Justin M. Keyes <justinkz@gmail.com> | 2017-08-16 09:13:43 +0200 |
| commit | e635754e8e9a92d1537ccc980c63eaa2e9d732bb (patch) | |
| tree | 8071e2d36964f3aa3d0db702e315d8a2fea4371e | |
| parent | 4b1f21de75f9981007d80aca8355239e8615d6bd (diff) | |
| download | rneovim-e635754e8e9a92d1537ccc980c63eaa2e9d732bb.tar.gz rneovim-e635754e8e9a92d1537ccc980c63eaa2e9d732bb.tar.bz2 rneovim-e635754e8e9a92d1537ccc980c63eaa2e9d732bb.zip | |
win/pty: jobstart, jobstop: fix null-pointer dereference
- Make sure that proc->in is not NULL, because nvim crashed when
starting a job with pty.
- Make sure that proc->out is not NULL, because nvim crashed when stopping
a job opened with pty.
| -rw-r--r-- | src/nvim/os/pty_process_win.c | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/src/nvim/os/pty_process_win.c b/src/nvim/os/pty_process_win.c index ea95c1bb09..101f468005 100644 --- a/src/nvim/os/pty_process_win.c +++ b/src/nvim/os/pty_process_win.c @@ -19,7 +19,7 @@ static void wait_eof_timer_cb(uv_timer_t *wait_eof_timer) (PtyProcess *)((uv_handle_t *)wait_eof_timer->data); Process *proc = (Process *)ptyproc; - if (!uv_is_readable(proc->out->uvstream)) { + if (!proc->out || !uv_is_readable(proc->out->uvstream)) { uv_timer_stop(&ptyproc->wait_eof_timer); pty_process_finish2(ptyproc); } @@ -50,7 +50,7 @@ int pty_process_spawn(PtyProcess *ptyproc) uv_connect_t *in_req = NULL, *out_req = NULL; wchar_t *cmdline = NULL, *cwd = NULL; - assert(proc->in && proc->out && !proc->err); + assert(!proc->err); if (!(cfg = winpty_config_new( WINPTY_FLAG_ALLOW_CURPROC_DESKTOP_CREATION, &err))) { @@ -71,18 +71,22 @@ int pty_process_spawn(PtyProcess *ptyproc) if ((status = utf16_to_utf8(winpty_conout_name(wp), &out_name))) { goto cleanup; } - in_req = xmalloc(sizeof(uv_connect_t)); - out_req = xmalloc(sizeof(uv_connect_t)); - uv_pipe_connect( - in_req, - &proc->in->uv.pipe, - in_name, - pty_process_connect_cb); - uv_pipe_connect( - out_req, - &proc->out->uv.pipe, - out_name, - pty_process_connect_cb); + if (proc->in) { + in_req = xmalloc(sizeof(uv_connect_t)); + uv_pipe_connect( + in_req, + &proc->in->uv.pipe, + in_name, + pty_process_connect_cb); + } + if (proc->out) { + out_req = xmalloc(sizeof(uv_connect_t)); + uv_pipe_connect( + out_req, + &proc->out->uv.pipe, + out_name, + pty_process_connect_cb); + } if (proc->cwd != NULL && (status = utf8_to_utf16(proc->cwd, &cwd))) { goto cleanup; @@ -107,7 +111,7 @@ int pty_process_spawn(PtyProcess *ptyproc) abort(); } - while (in_req->handle || out_req->handle) { + while ((in_req && in_req->handle) || (out_req && out_req->handle)) { uv_run(&proc->loop->uv, UV_RUN_ONCE); } |