diff options
| author | Abdelhakeem Osama <abdelhakeem.osama@hotmail.com> | 2019-09-08 03:02:29 +0200 |
|---|---|---|
| committer | Justin M. Keyes <justinkz@gmail.com> | 2019-09-07 18:02:29 -0700 |
| commit | 6692c0958f476456b59cd9f36b35b1c5b3202145 (patch) | |
| tree | 9ff1ceb861bdae8cd3ed37352d6646db810d1d3a | |
| parent | 158b78062e9daa65203b4591dae733dd6c11ad2c (diff) | |
| download | rneovim-6692c0958f476456b59cd9f36b35b1c5b3202145.tar.gz rneovim-6692c0958f476456b59cd9f36b35b1c5b3202145.tar.bz2 rneovim-6692c0958f476456b59cd9f36b35b1c5b3202145.zip | |
shada: initialize jumplist before search pattern (#10964)
Since 8b8ecf4, the shada module loads files in the jumplist to properly
clear duplicates. This can trigger some autocommands, which in turn
saves and restores search and substitute patterns, freeing the previous
strings in "spats" which are held in "wms" as well (heap-use-after-free).
To avoid this, initialize the jumplist in "wms" before search patterns.
| -rw-r--r-- | src/nvim/shada.c | 10 | ||||
| -rw-r--r-- | test/functional/shada/history_spec.lua | 13 |
2 files changed, 18 insertions, 5 deletions
diff --git a/src/nvim/shada.c b/src/nvim/shada.c index 7e7e7cfdf7..4b34153164 100644 --- a/src/nvim/shada.c +++ b/src/nvim/shada.c @@ -2705,6 +2705,11 @@ static ShaDaWriteResult shada_write(ShaDaWriteDef *const sd_writer, } while (var_iter != NULL); } + // Initialize jump list + setpcmark(); + cleanup_jumplist(curwin, false); + wms->jumps_size = shada_init_jumps(wms->jumps, &removable_bufs); + const bool search_highlighted = !(no_hlsearch || find_shada_parameter('h') != NULL); const bool search_last_used = search_was_last_used(); @@ -2736,11 +2741,6 @@ static ShaDaWriteResult shada_write(ShaDaWriteDef *const sd_writer, }; } - // Initialize jump list - setpcmark(); - cleanup_jumplist(curwin, false); - wms->jumps_size = shada_init_jumps(wms->jumps, &removable_bufs); - // Initialize global marks if (dump_global_marks) { const void *global_mark_iter = NULL; diff --git a/test/functional/shada/history_spec.lua b/test/functional/shada/history_spec.lua index c4be9e563d..78b5c77857 100644 --- a/test/functional/shada/history_spec.lua +++ b/test/functional/shada/history_spec.lua @@ -224,4 +224,17 @@ describe('ShaDa support code', function() eq('', funcs.histget('/', -1)) end) + it('does not crash when dumping last search pattern (#10945)', function() + nvim_command('edit Xtest-functional-shada-history_spec') + -- Save jump list + nvim_command('wshada') + -- Wipe out buffer list (jump list entry gets removed) + nvim_command('%bwipeout') + -- Restore jump list + nvim_command('rshada') + nvim_command('silent! /pat/') + nvim_command('au BufNew * echo') + nvim_command('wshada') + end) + end) |