From 1be315de37d663ba64c87ba7e647160f01ab48e2 Mon Sep 17 00:00:00 2001 From: "Justin M. Keyes" Date: Tue, 16 Jan 2018 09:08:31 +0100 Subject: tui: final_column_wrap(): fix row calculation closes #7572 closes #7579 closes #7628 ASAN report: ==9500==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6040000024c0 at pc 0x00000187d2ca bp 0x7fc3c6e58d10 sp 0x7fc3c6e58d08 READ of size 8 at 0x6040000024c0 thread T1 0 0x187d2c9 in ugrid_put /home/vagrant/neovim/build/../src/nvim/ugrid.c:107:17 1 0x1850adf in tui_put /home/vagrant/neovim/build/../src/nvim/tui/tui.c:1012:10 2 0x18a6ce6 in ui_bridge_put_event /home/vagrant/neovim/build/src/nvim/auto/ui_events_bridge.generated.h:154:3 3 0xa4dcda in multiqueue_process_events /home/vagrant/neovim/build/../src/nvim/event/multiqueue.c:150:7 4 0xa478bf in loop_poll_events /home/vagrant/neovim/build/../src/nvim/event/loop.c:63:3 5 0x185451c in tui_main /home/vagrant/neovim/build/../src/nvim/tui/tui.c:362:12 6 0x18a3080 in ui_thread_run /home/vagrant/neovim/build/../src/nvim/ui_bridge.c:106:3 7 0x7fc3caaac6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9) 8 0x7fc3c9ca33dc in clone /build/glibc-bfm8X4/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109 0x6040000024c0 is located 0 bytes to the right of 48-byte region [0x604000002490,0x6040000024c0) allocated by thread T1 here: 0 0x50e048 in malloc (/home/vagrant/neovim/build/bin/nvim+0x50e048) 1 0xf7ab71 in try_malloc /home/vagrant/neovim/build/../src/nvim/memory.c:87:15 2 0xf7ad99 in xmalloc /home/vagrant/neovim/build/../src/nvim/memory.c:121:15 3 0x187937b in ugrid_resize /home/vagrant/neovim/build/../src/nvim/ugrid.c:32:17 4 0x184be58 in tui_resize /home/vagrant/neovim/build/../src/nvim/tui/tui.c:770:3 5 0x18a3dc8 in ui_bridge_resize_event /home/vagrant/neovim/build/src/nvim/auto/ui_events_bridge.generated.h:4:3 6 0xa4dcda in multiqueue_process_events /home/vagrant/neovim/build/../src/nvim/event/multiqueue.c:150:7 7 0xa478bf in loop_poll_events /home/vagrant/neovim/build/../src/nvim/event/loop.c:63:3 8 0x185451c in tui_main /home/vagrant/neovim/build/../src/nvim/tui/tui.c:362:12 9 0x18a3080 in ui_thread_run /home/vagrant/neovim/build/../src/nvim/ui_bridge.c:106:3 10 0x7fc3caaac6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9) Thread T1 created by T0 here: 0 0x4655ed in __interceptor_pthread_create (/home/vagrant/neovim/build/bin/nvim+0x4655ed) 1 0x1ad87b0 in uv_thread_create /home/vagrant/neovim/.deps/build/src/libuv/src/unix/thread.c:75 2 0x184b9aa in tui_start /home/vagrant/neovim/build/../src/nvim/tui/tui.c:159:10 3 0x188dd4c in ui_builtin_start /home/vagrant/neovim/build/../src/nvim/ui.c:125:3 4 0xe6d399 in main /home/vagrant/neovim/build/../src/nvim/main.c:457:5 5 0x7fc3c9bbc82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291 --- src/nvim/tui/tui.c | 2 +- test/functional/terminal/tui_spec.lua | 29 +++++++++++++++++++++++++++-- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/src/nvim/tui/tui.c b/src/nvim/tui/tui.c index df5b41a64b..2349bd2ae9 100644 --- a/src/nvim/tui/tui.c +++ b/src/nvim/tui/tui.c @@ -500,7 +500,7 @@ static void final_column_wrap(UI *ui) UGrid *grid = &data->grid; if (grid->col == ui->width) { grid->col = 0; - if (grid->row < ui->height) { + if (grid->row < MIN(ui->height, grid->height - 1)) { grid->row++; } } diff --git a/test/functional/terminal/tui_spec.lua b/test/functional/terminal/tui_spec.lua index 745bfeecf9..a62c03b70f 100644 --- a/test/functional/terminal/tui_spec.lua +++ b/test/functional/terminal/tui_spec.lua @@ -6,15 +6,18 @@ local helpers = require('test.functional.helpers')(after_each) local thelpers = require('test.functional.terminal.helpers') local Screen = require('test.functional.ui.screen') local eq = helpers.eq -local feed_data = thelpers.feed_data local feed_command = helpers.feed_command +local feed_data = thelpers.feed_data local clear = helpers.clear +local command = helpers.command +local eval = helpers.eval local nvim_dir = helpers.nvim_dir local retry = helpers.retry local nvim_prog = helpers.nvim_prog local nvim_set = helpers.nvim_set local ok = helpers.ok local read_file = helpers.read_file +local wait = helpers.wait if helpers.pending_win32(pending) then return end @@ -40,6 +43,28 @@ describe('tui', function() screen:detach() end) + it('rapid resize #7572 #7628', function() + -- Need buffer rows to provoke the behavior. + feed_data(":edit test/functional/fixtures/bigfile.txt:") + command('call jobresize(b:terminal_job_id, 58, 9)') + command('call jobresize(b:terminal_job_id, 62, 13)') + command('call jobresize(b:terminal_job_id, 100, 42)') + command('call jobresize(b:terminal_job_id, 37, 1000)') + -- Resize to <5 columns. + screen:try_resize(4, 44) + command('call jobresize(b:terminal_job_id, 4, 1000)') + -- Resize to 1 row, then to 1 column, then increase rows to 4. + screen:try_resize(44, 1) + command('call jobresize(b:terminal_job_id, 44, 1)') + screen:try_resize(1, 1) + command('call jobresize(b:terminal_job_id, 1, 1)') + screen:try_resize(1, 4) + command('call jobresize(b:terminal_job_id, 1, 4)') + screen:try_resize(57, 17) + command('call jobresize(b:terminal_job_id, 57, 17)') + eq(2, eval("1+1")) -- Still alive? + end) + it('accepts basic utf-8 input', function() feed_data('iabc\ntest1\ntest2') screen:expect([[ @@ -448,7 +473,7 @@ describe("tui 't_Co' (terminal colors)", function() nvim_set)) feed_data(":echo &t_Co\n") - helpers.wait() + wait() local tline if maxcolors == 8 or maxcolors == 16 then tline = "~ " -- cgit