From 1d9ae27e380159c1a2f98448feab48e9be0e56dd Mon Sep 17 00:00:00 2001
From: oni-link
Date: Mon, 9 Nov 2015 17:54:49 +0100
Subject: normal.c: No garbage collection while handling an event in normal mode
Patch by @tarruda Fixes #3588
---
 src/nvim/normal.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'src')
diff --git a/src/nvim/normal.c b/src/nvim/normal.c
index fce3558e9f..d6bc416c91 100644
--- a/src/nvim/normal.c
+++ b/src/nvim/normal.c
@@ -7701,6 +7701,16 @@ static void nv_open(cmdarg_T *cap)
 // Handle an arbitrary event in normal mode
 static void nv_event(cmdarg_T *cap)
 {
+ // Garbage collection should have been executed before blocking for events in
+ // the `os_inchar` in `state_enter`, but we also disable it here in case the
+ // `os_inchar` branch was not executed(!queue_empty(loop.events), which could
+ // have `may_garbage_collect` set to true in `normal_check`).
+ //
+ // That is because here we may run code that calls `os_inchar`
+ // later(`f_confirm` or `get_keystroke` for example), but in these cases it is
+ // not safe to perform garbage collection because there could be unreferenced
+ // lists or dicts being used.
+ may_garbage_collect = false;
 queue_process_events(loop.events);
 cap->retval |= CA_COMMAND_BUSY; // don't call edit() now
 }
--
cgit
From 1c43452afcada9b7163e33d47c7b6bdaf82abded Mon Sep 17 00:00:00 2001
From: oni-link
Date: Wed, 11 Nov 2015 16:45:50 +0100
Subject: memory.c: Prevent garbage collection when running out of memory.
When running out of memory, garbage collection would free lists and dictionaries that are not yet referenced. This would later on lead to a use-after-free for these objects. Releated to vim-patch:7.4.916, so also updating version.c. Patch by @ZyX-I
---
 src/nvim/memory.c | 2 --
 src/nvim/version.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+), 2 deletions(-)
(limited to 'src')
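Review bot: The comment added above `may_garbage_collect = false;` is hard to read where it fuses a condition and its consequence without spaces, in the `executed(!queue_empty(loop.events), which could have ...)` parenthetical and again in the `later(f_confirm or get_keystroke ...)` one. Suggest rewording those two spots along the lines of `// in case the os_inchar branch was not taken (i.e. !queue_empty(loop.events)), in which` / `// case normal_check may have left may_garbage_collect set to true.` and `// later (for example f_confirm or get_keystroke), and in those cases`. The hunk only ever clears the flag; that something re-arms it on the next pass is asserted by the comment but not visible here, so a sentence naming who sets it back to true would make the invariant checkable by the next reader. nv_event is contained entirely within this hunk.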
diff --git a/src/nvim/memory.c b/src/nvim/memory.c
index d25dc7c941..6d386f3599 100644
--- a/src/nvim/memory.c
+++ b/src/nvim/memory.c
@@ -42,8 +42,6 @@ void try_to_free_memory(void)
 clear_sb_text();
 // Try to save all buffers and release as many blocks as possible
 mf_release_all();
- // cleanup recursive lists/dicts
- garbage_collect();
 trying_to_free = false;
 }
diff --git a/src/nvim/version.c b/src/nvim/version.c
index 45b36e7d99..f5e43878e4 100644
--- a/src/nvim/version.c
+++ b/src/nvim/version.c
@@ -74,6 +74,72 @@ static char *features[] = {
 // clang-format off
 static int included_patches[] = {
+ 916,
+ // 915,
+ // 914,
+ // 913,
+ // 912,
+ // 911,
+ // 910,
+ // 909,
+ // 908,
+ // 907,
+ // 906,
+ // 905,
+ // 904,
+ // 903,
+ // 902,
+ // 901,
+ // 900,
+ // 899,
+ // 898,
+ // 897,
+ // 896,
+ // 895,
+ // 894,
+ // 893,
+ // 892,
+ // 891,
+ // 890,
+ // 889,
+ // 888,
+ // 887,
+ // 886,
+ // 885,
+ // 884,
+ // 883,
+ // 882,
+ // 881,
+ // 880,
+ // 879,
+ // 878,
+ // 877,
+ // 876,
+ // 875,
+ // 874,
+ // 873,
+ // 872,
+ // 871,
+ // 870,
+ // 869,
+ // 868,
+ // 867,
+ // 866,
+ // 865,
+ // 864,
+ // 863,
+ // 862,
+ // 861,
+ // 860,
+ // 859,
+ // 858,
+ // 857,
+ // 856,
+ // 855,
+ // 854,
+ // 853,
+ // 852,
+ // 851,
 // 850,
 849,
 // 848,
--
cgit
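Review bot: Removing `garbage_collect();` from try_to_free_memory() leaves nothing in the code explaining why the out-of-memory path must not collect, so the call is likely to be re-added by a reader who only sees the surviving `// Try to save all buffers and release as many blocks as possible` comment. Suggest replacing the deleted lines with a comment such as `// Do NOT call garbage_collect() here: on the out-of-memory path there can be` / `// lists/dicts that are allocated but not yet referenced, and collecting them` / `// leads to a use-after-free (see vim-patch 7.4.916).` The body of try_to_free_memory() begins before this hunk, so the guard that sets trying_to_free is not visible here.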