diff options
| author | zeertzjq <zeertzjq@outlook.com> | 2024-08-02 07:33:52 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-02 07:33:52 +0800 |
| commit | ac15db4b9c21b51dc1789c4c75bd8cb363c6715d (patch) | |
| tree | 39230226ac82217aaba7b4c2b3d72a99ac63143b | |
| parent | d65788052fa0e634e521e67b44f67bf09b417319 (diff) | |
| parent | 6af359ef4cc3c221e0e3102ab2b54cf64d7c9835 (diff) | |
| download | rneovim-ac15db4b9c21b51dc1789c4c75bd8cb363c6715d.tar.gz rneovim-ac15db4b9c21b51dc1789c4c75bd8cb363c6715d.tar.bz2 rneovim-ac15db4b9c21b51dc1789c4c75bd8cb363c6715d.zip | |
Merge pull request #29945 from zeertzjq/vim-9.1.0647
vim-patch:9.0.{2149,2158},9.1.0647
| -rw-r--r-- | src/nvim/window.c | 4 | ||||
| -rw-r--r-- | test/functional/legacy/crash_spec.lua | 19 | ||||
| -rw-r--r-- | test/old/testdir/crash/double_free | bin | 0 -> 561 bytes | |||
| -rw-r--r-- | test/old/testdir/crash/poc_uaf_check_argument_types | bin | 0 -> 43 bytes | |||
| -rw-r--r-- | test/old/testdir/crash/poc_uaf_exec_instructions | bin | 0 -> 69 bytes | |||
| -rw-r--r-- | test/old/testdir/test_crash.vim | 51 |
6 files changed, 58 insertions, 16 deletions
diff --git a/src/nvim/window.c b/src/nvim/window.c index b770f0ccab..4fde200a01 100644 --- a/src/nvim/window.c +++ b/src/nvim/window.c @@ -73,6 +73,7 @@ #include "nvim/statusline.h" #include "nvim/strings.h" #include "nvim/syntax.h" +#include "nvim/tag.h" #include "nvim/terminal.h" #include "nvim/types_defs.h" #include "nvim/ui.h" @@ -5205,8 +5206,7 @@ void win_free(win_T *wp, tabpage_T *tp) xfree(wp->w_lines); for (int i = 0; i < wp->w_tagstacklen; i++) { - xfree(wp->w_tagstack[i].tagname); - xfree(wp->w_tagstack[i].user_data); + tagstack_clear_entry(&wp->w_tagstack[i]); } xfree(wp->w_localdir); diff --git a/test/functional/legacy/crash_spec.lua b/test/functional/legacy/crash_spec.lua index 04f77c7d4f..e72c3a512a 100644 --- a/test/functional/legacy/crash_spec.lua +++ b/test/functional/legacy/crash_spec.lua @@ -1,8 +1,12 @@ +local t = require('test.testutil') local n = require('test.functional.testnvim')() local assert_alive = n.assert_alive local clear = n.clear local command = n.command +local eq = t.eq +local eval = n.eval +local exec = n.exec local feed = n.feed before_each(clear) @@ -32,3 +36,18 @@ it('no crash with very long option error message', function() pcall(command, 'source test/old/testdir/crash/poc_did_set_langmap') assert_alive() end) + +it('no crash when closing window with tag in loclist', function() + exec([[ + new + lexpr ['foo'] + lopen + let g:qf_bufnr = bufnr() + lclose + call settagstack(1, #{items: [#{tagname: 'foo', from: [g:qf_bufnr, 1, 1, 0]}]}) + ]]) + eq(1, eval('bufexists(g:qf_bufnr)')) + command('1close') + eq(0, eval('bufexists(g:qf_bufnr)')) + assert_alive() +end) diff --git a/test/old/testdir/crash/double_free b/test/old/testdir/crash/double_free Binary files differnew file mode 100644 index 0000000000..895c4a04b6 --- /dev/null +++ b/test/old/testdir/crash/double_free diff --git a/test/old/testdir/crash/poc_uaf_check_argument_types b/test/old/testdir/crash/poc_uaf_check_argument_types Binary files differnew file mode 100644 index 0000000000..83a2e7b0a6 --- /dev/null +++ b/test/old/testdir/crash/poc_uaf_check_argument_types diff --git a/test/old/testdir/crash/poc_uaf_exec_instructions b/test/old/testdir/crash/poc_uaf_exec_instructions Binary files differnew file mode 100644 index 0000000000..49ae8577ff --- /dev/null +++ b/test/old/testdir/crash/poc_uaf_exec_instructions diff --git a/test/old/testdir/test_crash.vim b/test/old/testdir/test_crash.vim index 49e712a901..29061aa423 100644 --- a/test/old/testdir/test_crash.vim +++ b/test/old/testdir/test_crash.vim @@ -113,6 +113,7 @@ endfunc func Test_crash1_2() CheckNotBSD CheckExecutable dash + let g:test_is_flaky = 1 " The following used to crash Vim let opts = #{cmd: 'sh'} @@ -149,22 +150,9 @@ func Test_crash1_2() \ ' ; echo "crash 4: [OK]" >> '.. result .. "\<cr>") call TermWait(buf, 150) - let file = 'crash/poc_ex_substitute' - let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'" - let args = printf(cmn_args, vim, file) - " just make sure it runs, we don't care about the resulting echo - call term_sendkeys(buf, args .. "\<cr>") - " There is no output generated in Github CI for the asan clang build. - " so just skip generating the ouput. - " call term_sendkeys(buf, args .. - " \ ' && echo "crash 5: [OK]" >> '.. result .. "\<cr>") - call TermWait(buf, 150) - " clean up exe buf .. "bw!" - exe "sp " .. result - let expected = [ \ 'crash 1: [OK]', \ 'crash 2: [OK]', @@ -174,10 +162,45 @@ func Test_crash1_2() call assert_equal(expected, getline(1, '$')) bw! - call delete(result) endfunc +" This test just runs various scripts, that caused issues before. +" We are not really asserting anything here, it's just important +" that ASAN does not detect any issues. +func Test_crash1_3() + let vim = GetVimProg() + let buf = RunVimInTerminal('sh', #{cmd: 'sh'}) + + let file = 'crash/poc_ex_substitute' + let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'\<cr>" + let args = printf(cmn_args, vim, file) + call term_sendkeys(buf, args) + call TermWait(buf, 150) + + let file = 'crash/poc_uaf_exec_instructions' + let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'\<cr>" + let args = printf(cmn_args, vim, file) + call term_sendkeys(buf, args) + call TermWait(buf, 150) + + let file = 'crash/poc_uaf_check_argument_types' + let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'\<cr>" + let args = printf(cmn_args, vim, file) + call term_sendkeys(buf, args) + call TermWait(buf, 150) + + let file = 'crash/double_free' + let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'\<cr>" + let args = printf(cmn_args, vim, file) + call term_sendkeys(buf, args) + call TermWait(buf, 50) + + " clean up + exe buf .. "bw!" + bw! +endfunc + func Test_crash2() " The following used to crash Vim let opts = #{wait_for_ruler: 0, rows: 20} |