mirror of
https://github.com/neovim/neovim.git
synced 2024-09-17 20:58:20 -04:00
vim-patch:9.1.0728: [security]: heap-use-after-free in garbage collection with location list user data (#30377)
Problem: heap-use-after-free in garbage collection with location list
user data.
Solution: Mark user data as in use when no other window is referencing
the location list (zeertzjq)
fixes: neovim/neovim#30371
closes: vim/vim#15683
be4bd189d2
This commit is contained in:
parent
f2173b1aa2
commit
325d349f9d
@ -6875,7 +6875,8 @@ bool set_ref_in_quickfix(int copyID)
|
||||
// In a location list window and none of the other windows is
|
||||
// referring to this location list. Mark the location list
|
||||
// context as still in use.
|
||||
if (mark_quickfix_ctx(win->w_llist_ref, copyID)) {
|
||||
if (mark_quickfix_ctx(win->w_llist_ref, copyID)
|
||||
|| mark_quickfix_user_data(win->w_llist_ref, copyID)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
@ -4071,11 +4071,23 @@ func Test_ll_window_ctx()
|
||||
enew | only
|
||||
endfunc
|
||||
|
||||
" Similar to the problem above, but for user data.
|
||||
func Test_ll_window_user_data()
|
||||
call setloclist(0, [#{bufnr: bufnr(), user_data: {}}])
|
||||
lopen
|
||||
wincmd t
|
||||
close
|
||||
call test_garbagecollect_now()
|
||||
call feedkeys("\<CR>", 'tx')
|
||||
call test_garbagecollect_now()
|
||||
%bwipe!
|
||||
endfunc
|
||||
|
||||
" The following test used to crash vim
|
||||
func Test_lfile_crash()
|
||||
sp Xtest
|
||||
au QuickFixCmdPre * bw
|
||||
call assert_fails('lfile', 'E40')
|
||||
call assert_fails('lfile', 'E40:')
|
||||
au! QuickFixCmdPre
|
||||
endfunc
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user