From 387c5ba3de356ea5c5f6fe71465440abd8563d8e Mon Sep 17 00:00:00 2001
From: zeertzjq
Date: Sat, 2 Dec 2023 09:55:11 +0800
Subject: revert: "memory: Free buffers after freeing variables" (#26356)
This reverts commit fe30d8ccef17fff23676b8670dfec86444e2cb32. The original commit intends to prevent heap-use-after-free with EXITFREE caused by changedtick_di, which is no longer a problem. Freeing buffers after freeing variables will cause heap-use-after-free with EXITFREE when a partial is used as prompt callback.
---
 src/nvim/drawscreen.c | 1 -
 src/nvim/memory.c | 38 +++++++++++++++++++-------------------
 2 files changed, 19 insertions(+), 20 deletions(-)
(limited to 'src')
diff --git a/src/nvim/drawscreen.c b/src/nvim/drawscreen.c
index 1abbc0c102..fd1589f0c5 100644
--- a/src/nvim/drawscreen.c
+++ b/src/nvim/drawscreen.c
@@ -2643,7 +2643,6 @@ int number_width(win_T *wp)
 /// Set must_redraw only if not already set to a higher value.
 /// e.g. if must_redraw is UPD_CLEAR, type UPD_NOT_VALID will do nothing.
 void redraw_later(win_T *wp, int type)
- FUNC_ATTR_NONNULL_ALL
 {
 if (!exiting && wp->w_redr_type < type) {
 wp->w_redr_type = type;
diff --git a/src/nvim/memory.c b/src/nvim/memory.c
index 52fdf9f923..7036c91c9b 100644
--- a/src/nvim/memory.c
+++ b/src/nvim/memory.c
@@ -782,6 +782,25 @@ void free_all_mem(void)
 // Free all option values. Must come after closing windows.
 free_all_options();
 
+ // Free all buffers. Reset 'autochdir' to avoid accessing things that
+ // were freed already.
+ // Must be after eval_clear to avoid it trying to access b:changedtick after
+ // freeing it.
+ p_acd = false;
+ for (buf = firstbuf; buf != NULL;) {
+ bufref_T bufref;
+ set_bufref(&bufref, buf);
+ nextbuf = buf->b_next;
+
+ // Since options (in addition to other stuff) have been freed above we need to ensure no
+ // callbacks are called, so free them before closing the buffer.
+ buf_free_callbacks(buf);
+
+ close_buffer(NULL, buf, DOBUF_WIPE, false, false);
+ // Didn't work, try next one.
+ buf = bufref_valid(&bufref) ? nextbuf : firstbuf;
+ }
+
 // Clear registers.
 clear_registers();
 ResetRedobuff();
@@ -807,25 +826,6 @@ void free_all_mem(void)
 api_extmark_free_all_mem();
 ctx_free_all();
 
- // Free all buffers. Reset 'autochdir' to avoid accessing things that
- // were freed already.
- // Must be after eval_clear to avoid it trying to access b:changedtick after
- // freeing it.
- p_acd = false;
- for (buf = firstbuf; buf != NULL;) {
- bufref_T bufref;
- set_bufref(&bufref, buf);
- nextbuf = buf->b_next;
-
- // Since options (in addition to other stuff) have been freed above we need to ensure no
- // callbacks are called, so free them before closing the buffer.
- buf_free_callbacks(buf);
-
- close_buffer(NULL, buf, DOBUF_WIPE, false, false);
- // Didn't work, try next one.
- buf = bufref_valid(&bufref) ? nextbuf : firstbuf;
- }
-
 map_destroy(int, &buffer_handles);
 map_destroy(int, &window_handles);
 map_destroy(int, &tabpage_handles);
-- cgit
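Review bot: In the first memory.c hunk (`@@ -782,6 +782,25 @@`), the comment restored with the buffer-freeing loop still reads `Must be after eval_clear to avoid it trying to access b:changedtick after freeing it`, which contradicts the commit message: changedtick_di is no longer a concern, and the loop now has to run before variables are freed to avoid the heap-use-after-free with a partial used as prompt callback. Because this ordering is the memory-safety property the revert restores, the comment should state it, e.g. `// Must run before variables are freed: buf_free_callbacks() may release a partial used as prompt callback.` The call that frees variables is not visible in either hunk (presumably eval_clear(), elsewhere in free_all_mem, whose body starts and ends outside the hunk), so confirm the name before wording the comment.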