Mercurial > vim
annotate src/testdir/test_compiler.vim @ 33811:06219b3bdaf3 v9.0.2121
patch 9.0.2121: [security]: use-after-free in ex_substitute
Commit: https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb
Author: Christian Brabandt <cb@256bit.org>
Date: Wed Nov 22 21:26:41 2023 +0100
patch 9.0.2121: [security]: use-after-free in ex_substitute
Problem: [security]: use-after-free in ex_substitute
Solution: always allocate memory
closes: #13552
A recursive :substitute command could cause a heap-use-after free in Vim
(CVE-2023-48706).
The whole reproducible test is a bit tricky, I can only reproduce this
reliably when no previous substitution command has been used yet
(which is the reason, the test needs to run as first one in the
test_substitute.vim file) and as a combination of the `:~` command
together with a :s command that contains the special substitution atom `~\=`
which will make use of a sub-replace special atom and calls a vim script
function.
There was a comment in the existing :s code, that already makes the
`sub` variable allocate memory so that a recursive :s call won't be able
to cause any issues here, so this was known as a potential problem
already. But for the current test-case that one does not work, because
the substitution does not start with `\=` but with `~\=` (and since
there does not yet exist a previous substitution atom, Vim will simply
increment the `sub` pointer (which then was not allocated dynamically)
and later one happily use a sub-replace special expression (which could
then free the `sub` var).
The following commit fixes this, by making the sub var always using
allocated memory, which also means we need to free the pointer whenever
we leave the function. Since sub is now always an allocated variable,
we also do no longer need the sub_copy variable anymore, since this one
was used to indicated when sub pointed to allocated memory (and had
therefore to be freed on exit) and when not.
Github Security Advisory:
https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q
Signed-off-by: Christian Brabandt <cb@256bit.org>
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Wed, 22 Nov 2023 22:15:05 +0100 |
| parents | fed9c5ffde42 |
| children | 7ed07817c287 |
| rev | line source |
|---|---|
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
1 " Test the :compiler command |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
2 |
|
18767
068337e86133
patch 8.1.2373: cannot build with +popupwin but without +quickfix
Bram Moolenaar <Bram@vim.org>
parents:
18273
diff
changeset
|
3 source check.vim |
|
19348
b6da81589f8c
patch 8.2.0232: the :compiler command causes a crash
Bram Moolenaar <Bram@vim.org>
parents:
19289
diff
changeset
|
4 source shared.vim |
|
18767
068337e86133
patch 8.1.2373: cannot build with +popupwin but without +quickfix
Bram Moolenaar <Bram@vim.org>
parents:
18273
diff
changeset
|
5 |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
6 func Test_compiler() |
|
23027
f74978697fb6
patch 8.2.2060: check for features implemented with "if"
Bram Moolenaar <Bram@vim.org>
parents:
22983
diff
changeset
|
7 CheckExecutable perl |
|
18767
068337e86133
patch 8.1.2373: cannot build with +popupwin but without +quickfix
Bram Moolenaar <Bram@vim.org>
parents:
18273
diff
changeset
|
8 CheckFeature quickfix |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
9 |
|
33333
fed9c5ffde42
patch 9.0.1931: make test_compilers fails on ubuntu
Christian Brabandt <cb@256bit.org>
parents:
26109
diff
changeset
|
10 let save_LC_ALL = $LC_ALL |
|
fed9c5ffde42
patch 9.0.1931: make test_compilers fails on ubuntu
Christian Brabandt <cb@256bit.org>
parents:
26109
diff
changeset
|
11 let $LC_ALL= "C" |
|
14260
9ff35e144467
patch 8.1.0146: when $LANG is set the compiler test may fail
Christian Brabandt <cb@256bit.org>
parents:
13974
diff
changeset
|
12 |
|
17572
0d7c87cad133
patch 8.1.1783: MS-Windows: compiler test may fail when using %:S
Bram Moolenaar <Bram@vim.org>
parents:
14260
diff
changeset
|
13 " %:S does not work properly with 'shellslash' set |
|
0d7c87cad133
patch 8.1.1783: MS-Windows: compiler test may fail when using %:S
Bram Moolenaar <Bram@vim.org>
parents:
14260
diff
changeset
|
14 let save_shellslash = &shellslash |
|
0d7c87cad133
patch 8.1.1783: MS-Windows: compiler test may fail when using %:S
Bram Moolenaar <Bram@vim.org>
parents:
14260
diff
changeset
|
15 set noshellslash |
|
0d7c87cad133
patch 8.1.1783: MS-Windows: compiler test may fail when using %:S
Bram Moolenaar <Bram@vim.org>
parents:
14260
diff
changeset
|
16 |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
17 e Xfoo.pl |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
18 compiler perl |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
19 call assert_equal('perl', b:current_compiler) |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
20 call assert_fails('let g:current_compiler', 'E121:') |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
21 |
|
26103
d079ab2ba260
patch 8.2.3584: "verbose set efm" reports location of the :compiler command
Bram Moolenaar <Bram@vim.org>
parents:
24323
diff
changeset
|
22 let verbose_efm = execute('verbose set efm') |
|
26109
efc174960b10
patch 8.2.3587: compiler test fails with backslash file separator
Bram Moolenaar <Bram@vim.org>
parents:
26103
diff
changeset
|
23 call assert_match('Last set from .*[/\\]compiler[/\\]perl.vim ', verbose_efm) |
|
26103
d079ab2ba260
patch 8.2.3584: "verbose set efm" reports location of the :compiler command
Bram Moolenaar <Bram@vim.org>
parents:
24323
diff
changeset
|
24 |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
25 call setline(1, ['#!/usr/bin/perl -w', 'use strict;', 'my $foo=1']) |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
26 w! |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
27 call feedkeys(":make\<CR>\<CR>", 'tx') |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
28 call assert_fails('clist', 'E42:') |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
29 |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
30 call setline(1, ['#!/usr/bin/perl -w', 'use strict;', '$foo=1']) |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
31 w! |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
32 call feedkeys(":make\<CR>\<CR>", 'tx') |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
33 let a=execute('clist') |
|
18118
9b7c7754ba9d
patch 8.1.2054: compiler test for Perl may fail
Bram Moolenaar <Bram@vim.org>
parents:
17572
diff
changeset
|
34 call assert_match('\n \d\+ Xfoo.pl:3: Global symbol "$foo" ' |
|
9b7c7754ba9d
patch 8.1.2054: compiler test for Perl may fail
Bram Moolenaar <Bram@vim.org>
parents:
17572
diff
changeset
|
35 \ . 'requires explicit package name', a) |
|
9b7c7754ba9d
patch 8.1.2054: compiler test for Perl may fail
Bram Moolenaar <Bram@vim.org>
parents:
17572
diff
changeset
|
36 |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
37 |
|
17572
0d7c87cad133
patch 8.1.1783: MS-Windows: compiler test may fail when using %:S
Bram Moolenaar <Bram@vim.org>
parents:
14260
diff
changeset
|
38 let &shellslash = save_shellslash |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
39 call delete('Xfoo.pl') |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
40 bw! |
|
33333
fed9c5ffde42
patch 9.0.1931: make test_compilers fails on ubuntu
Christian Brabandt <cb@256bit.org>
parents:
26109
diff
changeset
|
41 let $LC_ALL = save_LC_ALL |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
42 endfunc |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
43 |
|
22981
72e0ec552189
patch 8.2.2037: compiler test depends on list of compiler plugins
Bram Moolenaar <Bram@vim.org>
parents:
21765
diff
changeset
|
44 func GetCompilerNames() |
|
72e0ec552189
patch 8.2.2037: compiler test depends on list of compiler plugins
Bram Moolenaar <Bram@vim.org>
parents:
21765
diff
changeset
|
45 return glob('$VIMRUNTIME/compiler/*.vim', 0, 1) |
|
22983
1e1422df34e3
patch 8.2.2038: compiler test fails on MS-Windows
Bram Moolenaar <Bram@vim.org>
parents:
22981
diff
changeset
|
46 \ ->map({i, v -> substitute(v, '.*[\\/]\([a-zA-Z0-9_\-]*\).vim', '\1', '')}) |
|
1e1422df34e3
patch 8.2.2038: compiler test fails on MS-Windows
Bram Moolenaar <Bram@vim.org>
parents:
22981
diff
changeset
|
47 \ ->sort() |
|
22981
72e0ec552189
patch 8.2.2037: compiler test depends on list of compiler plugins
Bram Moolenaar <Bram@vim.org>
parents:
21765
diff
changeset
|
48 endfunc |
|
72e0ec552189
patch 8.2.2037: compiler test depends on list of compiler plugins
Bram Moolenaar <Bram@vim.org>
parents:
21765
diff
changeset
|
49 |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
50 func Test_compiler_without_arg() |
|
18273
fc68850c5233
patch 8.1.2131: MSVC tests fail
Bram Moolenaar <Bram@vim.org>
parents:
18269
diff
changeset
|
51 let runtime = substitute($VIMRUNTIME, '\\', '/', 'g') |
|
fc68850c5233
patch 8.1.2131: MSVC tests fail
Bram Moolenaar <Bram@vim.org>
parents:
18269
diff
changeset
|
52 let a = split(execute('compiler')) |
|
22981
72e0ec552189
patch 8.2.2037: compiler test depends on list of compiler plugins
Bram Moolenaar <Bram@vim.org>
parents:
21765
diff
changeset
|
53 let exp = GetCompilerNames() |
|
72e0ec552189
patch 8.2.2037: compiler test depends on list of compiler plugins
Bram Moolenaar <Bram@vim.org>
parents:
21765
diff
changeset
|
54 call assert_match(runtime .. '/compiler/' .. exp[0] .. '.vim$', a[0]) |
|
72e0ec552189
patch 8.2.2037: compiler test depends on list of compiler plugins
Bram Moolenaar <Bram@vim.org>
parents:
21765
diff
changeset
|
55 call assert_match(runtime .. '/compiler/' .. exp[1] .. '.vim$', a[1]) |
|
72e0ec552189
patch 8.2.2037: compiler test depends on list of compiler plugins
Bram Moolenaar <Bram@vim.org>
parents:
21765
diff
changeset
|
56 call assert_match(runtime .. '/compiler/' .. exp[-1] .. '.vim$', a[-1]) |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
57 endfunc |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
58 |
|
19348
b6da81589f8c
patch 8.2.0232: the :compiler command causes a crash
Bram Moolenaar <Bram@vim.org>
parents:
19289
diff
changeset
|
59 " Test executing :compiler from the command line, not from a script |
|
b6da81589f8c
patch 8.2.0232: the :compiler command causes a crash
Bram Moolenaar <Bram@vim.org>
parents:
19289
diff
changeset
|
60 func Test_compiler_commandline() |
|
b6da81589f8c
patch 8.2.0232: the :compiler command causes a crash
Bram Moolenaar <Bram@vim.org>
parents:
19289
diff
changeset
|
61 call system(GetVimCommandClean() .. ' --not-a-term -c "compiler gcc" -c "call writefile([b:current_compiler], ''XcompilerOut'')" -c "quit"') |
|
b6da81589f8c
patch 8.2.0232: the :compiler command causes a crash
Bram Moolenaar <Bram@vim.org>
parents:
19289
diff
changeset
|
62 call assert_equal(0, v:shell_error) |
|
b6da81589f8c
patch 8.2.0232: the :compiler command causes a crash
Bram Moolenaar <Bram@vim.org>
parents:
19289
diff
changeset
|
63 call assert_equal(["gcc"], readfile('XcompilerOut')) |
|
b6da81589f8c
patch 8.2.0232: the :compiler command causes a crash
Bram Moolenaar <Bram@vim.org>
parents:
19289
diff
changeset
|
64 |
|
b6da81589f8c
patch 8.2.0232: the :compiler command causes a crash
Bram Moolenaar <Bram@vim.org>
parents:
19289
diff
changeset
|
65 call delete('XcompilerOut') |
|
b6da81589f8c
patch 8.2.0232: the :compiler command causes a crash
Bram Moolenaar <Bram@vim.org>
parents:
19289
diff
changeset
|
66 endfunc |
|
b6da81589f8c
patch 8.2.0232: the :compiler command causes a crash
Bram Moolenaar <Bram@vim.org>
parents:
19289
diff
changeset
|
67 |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
68 func Test_compiler_completion() |
|
22981
72e0ec552189
patch 8.2.2037: compiler test depends on list of compiler plugins
Bram Moolenaar <Bram@vim.org>
parents:
21765
diff
changeset
|
69 let clist = GetCompilerNames()->join(' ') |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
70 call feedkeys(":compiler \<C-A>\<C-B>\"\<CR>", 'tx') |
|
22981
72e0ec552189
patch 8.2.2037: compiler test depends on list of compiler plugins
Bram Moolenaar <Bram@vim.org>
parents:
21765
diff
changeset
|
71 call assert_match('^"compiler ' .. clist .. '$', @:) |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
72 |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
73 call feedkeys(":compiler p\<C-A>\<C-B>\"\<CR>", 'tx') |
|
24323
7759374c4464
patch 8.2.2702: compiler completion test fails when more scripts are added
Bram Moolenaar <Bram@vim.org>
parents:
23027
diff
changeset
|
74 call assert_match('"compiler pbx perl\( p[a-z]\+\)\+ pylint pyunit', @:) |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
75 |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
76 call feedkeys(":compiler! p\<C-A>\<C-B>\"\<CR>", 'tx') |
|
24323
7759374c4464
patch 8.2.2702: compiler completion test fails when more scripts are added
Bram Moolenaar <Bram@vim.org>
parents:
23027
diff
changeset
|
77 call assert_match('"compiler! pbx perl\( p[a-z]\+\)\+ pylint pyunit', @:) |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
78 endfunc |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
79 |
|
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
80 func Test_compiler_error() |
|
19289
2f0f308c069c
patch 8.2.0203: :helptags and some other functionality not tested
Bram Moolenaar <Bram@vim.org>
parents:
18767
diff
changeset
|
81 let g:current_compiler = 'abc' |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
82 call assert_fails('compiler doesnotexist', 'E666:') |
|
19289
2f0f308c069c
patch 8.2.0203: :helptags and some other functionality not tested
Bram Moolenaar <Bram@vim.org>
parents:
18767
diff
changeset
|
83 call assert_equal('abc', g:current_compiler) |
|
2f0f308c069c
patch 8.2.0203: :helptags and some other functionality not tested
Bram Moolenaar <Bram@vim.org>
parents:
18767
diff
changeset
|
84 call assert_fails('compiler! doesnotexist', 'E666:') |
|
2f0f308c069c
patch 8.2.0203: :helptags and some other functionality not tested
Bram Moolenaar <Bram@vim.org>
parents:
18767
diff
changeset
|
85 unlet! g:current_compiler |
|
13970
939cfab265b9
patch 8.1.0003: the :compiler command is not tested
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
86 endfunc |
|
21765
08940efa6b4e
patch 8.2.1432: various inconsistencies in test files
Bram Moolenaar <Bram@vim.org>
parents:
21721
diff
changeset
|
87 |
|
08940efa6b4e
patch 8.2.1432: various inconsistencies in test files
Bram Moolenaar <Bram@vim.org>
parents:
21721
diff
changeset
|
88 " vim: shiftwidth=2 sts=2 expandtab |