annotate src/testdir/test_crash.vim @ 36048:179d2e139736 v9.1.0697

patch 9.1.0697: [security]: heap-buffer-overflow in ins_typebuf Commit: https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b Author: Christian Brabandt <cb@256bit.org> Date: Sun Aug 25 21:33:03 2024 +0200 patch 9.1.0697: [security]: heap-buffer-overflow in ins_typebuf Problem: heap-buffer-overflow in ins_typebuf (SuyueGuo) Solution: When flushing the typeahead buffer, validate that there is enough space left Github Advisory: https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Sun, 25 Aug 2024 21:45:04 +0200
parents 23090f17734a
children a8dc83448e70
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
33115
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
1 " Some tests, that used to crash Vim
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
2 source check.vim
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
3 source screendump.vim
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
4
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
5 CheckScreendump
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
6
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
7 func Test_crash1()
33185
1ee65fdbd791 patch 9.0.1872: CI: test_crash() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33176
diff changeset
8 CheckNotBSD
33199
3395f1cbe3ab patch 9.0.1878: tests running sh have problems
Christian Brabandt <cb@256bit.org>
parents: 33193
diff changeset
9 CheckExecutable dash
33208
ed46a7531bb3 patch 9.0.1882: Trailing white space in tests
Christian Brabandt <cb@256bit.org>
parents: 33206
diff changeset
10 " Test 7 fails on Mac ...
33206
3737c8d06c2f patch 9.0.1881: Test_crash fails on Mac
Christian Brabandt <cb@256bit.org>
parents: 33199
diff changeset
11 CheckNotMac
33185
1ee65fdbd791 patch 9.0.1872: CI: test_crash() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33176
diff changeset
12
33115
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
13 " The following used to crash Vim
33144
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
14 let opts = #{cmd: 'sh'}
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
15 let vim = GetVimProg()
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
16
33150
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
17 let buf = RunVimInTerminal('sh', opts)
33144
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
18
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
19 let file = 'crash/poc_huaf1'
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
20 let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'"
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
21 let args = printf(cmn_args, vim, file)
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
22 call term_sendkeys(buf, args ..
33150
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
23 \ ' && echo "crash 1: [OK]" > X_crash1_result.txt' .. "\<cr>")
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
24 call TermWait(buf, 50)
33144
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
25
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
26 let file = 'crash/poc_huaf2'
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
27 let args = printf(cmn_args, vim, file)
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
28 call term_sendkeys(buf, args ..
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
29 \ ' && echo "crash 2: [OK]" >> X_crash1_result.txt' .. "\<cr>")
33150
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
30 call TermWait(buf, 50)
33144
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
31
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
32 let file = 'crash/poc_huaf3'
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
33 let args = printf(cmn_args, vim, file)
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
34 call term_sendkeys(buf, args ..
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
35 \ ' && echo "crash 3: [OK]" >> X_crash1_result.txt' .. "\<cr>")
33150
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
36 call TermWait(buf, 100)
33144
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
37
33150
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
38 let file = 'crash/bt_quickfix_poc'
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
39 let args = printf(cmn_args, vim, file)
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
40 call term_sendkeys(buf, args ..
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
41 \ ' && echo "crash 4: [OK]" >> X_crash1_result.txt' .. "\<cr>")
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
42 " clean up
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
43 call delete('Xerr')
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
44 " This test takes a bit longer
33165
74fcf8a0846b patch 9.0.1864: still crash with bt_quickfix1_poc
Christian Brabandt <cb@256bit.org>
parents: 33156
diff changeset
45 call TermWait(buf, 1000)
33144
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
46
33152
8c9c79b00316 patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents: 33150
diff changeset
47 let file = 'crash/poc_tagfunc.vim'
8c9c79b00316 patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents: 33150
diff changeset
48 let args = printf(cmn_args, vim, file)
33187
201c54cdde82 patch 9.0.1873: [security] heap-buffer-overflow in vim_regsub_both
Christian Brabandt <cb@256bit.org>
parents: 33185
diff changeset
49 " using || because this poc causes vim to exit with exitstatus != 0
33152
8c9c79b00316 patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents: 33150
diff changeset
50 call term_sendkeys(buf, args ..
8c9c79b00316 patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents: 33150
diff changeset
51 \ ' || echo "crash 5: [OK]" >> X_crash1_result.txt' .. "\<cr>")
8c9c79b00316 patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents: 33150
diff changeset
52
8c9c79b00316 patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents: 33150
diff changeset
53 call TermWait(buf, 100)
8c9c79b00316 patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents: 33150
diff changeset
54
33154
faeeed7df688 patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents: 33152
diff changeset
55 let file = 'crash/bt_quickfix1_poc'
faeeed7df688 patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents: 33152
diff changeset
56 let args = printf(cmn_args, vim, file)
faeeed7df688 patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents: 33152
diff changeset
57 call term_sendkeys(buf, args ..
faeeed7df688 patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents: 33152
diff changeset
58 \ ' && echo "crash 6: [OK]" >> X_crash1_result.txt' .. "\<cr>")
faeeed7df688 patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents: 33152
diff changeset
59 " clean up
faeeed7df688 patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents: 33152
diff changeset
60 call delete('X')
33176
8ac10cee18f3 patch 9.0.1868: test_crash still fails for circle ci
Christian Brabandt <cb@256bit.org>
parents: 33165
diff changeset
61 call TermWait(buf, 3000)
33154
faeeed7df688 patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents: 33152
diff changeset
62
33187
201c54cdde82 patch 9.0.1873: [security] heap-buffer-overflow in vim_regsub_both
Christian Brabandt <cb@256bit.org>
parents: 33185
diff changeset
63 let file = 'crash/vim_regsub_both_poc'
201c54cdde82 patch 9.0.1873: [security] heap-buffer-overflow in vim_regsub_both
Christian Brabandt <cb@256bit.org>
parents: 33185
diff changeset
64 let args = printf(cmn_args, vim, file)
201c54cdde82 patch 9.0.1873: [security] heap-buffer-overflow in vim_regsub_both
Christian Brabandt <cb@256bit.org>
parents: 33185
diff changeset
65 call term_sendkeys(buf, args ..
201c54cdde82 patch 9.0.1873: [security] heap-buffer-overflow in vim_regsub_both
Christian Brabandt <cb@256bit.org>
parents: 33185
diff changeset
66 \ ' && echo "crash 7: [OK]" >> X_crash1_result.txt' .. "\<cr>")
33199
3395f1cbe3ab patch 9.0.1878: tests running sh have problems
Christian Brabandt <cb@256bit.org>
parents: 33193
diff changeset
67 call TermWait(buf, 3000)
33187
201c54cdde82 patch 9.0.1873: [security] heap-buffer-overflow in vim_regsub_both
Christian Brabandt <cb@256bit.org>
parents: 33185
diff changeset
68
33422
25d250a74bb6 patch 9.0.1969: [security] buffer-overflow in trunc_string()
Christian Brabandt <cb@256bit.org>
parents: 33208
diff changeset
69 let file = 'crash/vim_msg_trunc_poc'
25d250a74bb6 patch 9.0.1969: [security] buffer-overflow in trunc_string()
Christian Brabandt <cb@256bit.org>
parents: 33208
diff changeset
70 let args = printf(cmn_args, vim, file)
25d250a74bb6 patch 9.0.1969: [security] buffer-overflow in trunc_string()
Christian Brabandt <cb@256bit.org>
parents: 33208
diff changeset
71 call term_sendkeys(buf, args ..
25d250a74bb6 patch 9.0.1969: [security] buffer-overflow in trunc_string()
Christian Brabandt <cb@256bit.org>
parents: 33208
diff changeset
72 \ ' || echo "crash 8: [OK]" >> X_crash1_result.txt' .. "\<cr>")
25d250a74bb6 patch 9.0.1969: [security] buffer-overflow in trunc_string()
Christian Brabandt <cb@256bit.org>
parents: 33208
diff changeset
73 call TermWait(buf, 3000)
25d250a74bb6 patch 9.0.1969: [security] buffer-overflow in trunc_string()
Christian Brabandt <cb@256bit.org>
parents: 33208
diff changeset
74
33482
39b2e200c4d7 patch 9.0.1992: [security] segfault in exmode
Christian Brabandt <cb@256bit.org>
parents: 33422
diff changeset
75 let file = 'crash/crash_scrollbar'
39b2e200c4d7 patch 9.0.1992: [security] segfault in exmode
Christian Brabandt <cb@256bit.org>
parents: 33422
diff changeset
76 let args = printf(cmn_args, vim, file)
39b2e200c4d7 patch 9.0.1992: [security] segfault in exmode
Christian Brabandt <cb@256bit.org>
parents: 33422
diff changeset
77 call term_sendkeys(buf, args ..
39b2e200c4d7 patch 9.0.1992: [security] segfault in exmode
Christian Brabandt <cb@256bit.org>
parents: 33422
diff changeset
78 \ ' && echo "crash 9: [OK]" >> X_crash1_result.txt' .. "\<cr>")
39b2e200c4d7 patch 9.0.1992: [security] segfault in exmode
Christian Brabandt <cb@256bit.org>
parents: 33422
diff changeset
79 call TermWait(buf, 1000)
39b2e200c4d7 patch 9.0.1992: [security] segfault in exmode
Christian Brabandt <cb@256bit.org>
parents: 33422
diff changeset
80
33523
1947bb095199 patch 9.0.2010: [security] use-after-free from buf_contents_changed()
Christian Brabandt <cb@256bit.org>
parents: 33482
diff changeset
81 let file = 'crash/editing_arg_idx_POC_1'
1947bb095199 patch 9.0.2010: [security] use-after-free from buf_contents_changed()
Christian Brabandt <cb@256bit.org>
parents: 33482
diff changeset
82 let args = printf(cmn_args, vim, file)
1947bb095199 patch 9.0.2010: [security] use-after-free from buf_contents_changed()
Christian Brabandt <cb@256bit.org>
parents: 33482
diff changeset
83 call term_sendkeys(buf, args ..
1947bb095199 patch 9.0.2010: [security] use-after-free from buf_contents_changed()
Christian Brabandt <cb@256bit.org>
parents: 33482
diff changeset
84 \ ' || echo "crash 10: [OK]" >> X_crash1_result.txt' .. "\<cr>")
1947bb095199 patch 9.0.2010: [security] use-after-free from buf_contents_changed()
Christian Brabandt <cb@256bit.org>
parents: 33482
diff changeset
85 call TermWait(buf, 1000)
1947bb095199 patch 9.0.2010: [security] use-after-free from buf_contents_changed()
Christian Brabandt <cb@256bit.org>
parents: 33482
diff changeset
86 call delete('Xerr')
1947bb095199 patch 9.0.2010: [security] use-after-free from buf_contents_changed()
Christian Brabandt <cb@256bit.org>
parents: 33482
diff changeset
87 call delete('@')
1947bb095199 patch 9.0.2010: [security] use-after-free from buf_contents_changed()
Christian Brabandt <cb@256bit.org>
parents: 33482
diff changeset
88
33144
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
89 " clean up
33115
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
90 exe buf .. "bw!"
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
91
33144
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
92 sp X_crash1_result.txt
33150
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
93
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
94 let expected = [
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
95 \ 'crash 1: [OK]',
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
96 \ 'crash 2: [OK]',
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
97 \ 'crash 3: [OK]',
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
98 \ 'crash 4: [OK]',
33152
8c9c79b00316 patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents: 33150
diff changeset
99 \ 'crash 5: [OK]',
33154
faeeed7df688 patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents: 33152
diff changeset
100 \ 'crash 6: [OK]',
33187
201c54cdde82 patch 9.0.1873: [security] heap-buffer-overflow in vim_regsub_both
Christian Brabandt <cb@256bit.org>
parents: 33185
diff changeset
101 \ 'crash 7: [OK]',
33422
25d250a74bb6 patch 9.0.1969: [security] buffer-overflow in trunc_string()
Christian Brabandt <cb@256bit.org>
parents: 33208
diff changeset
102 \ 'crash 8: [OK]',
33482
39b2e200c4d7 patch 9.0.1992: [security] segfault in exmode
Christian Brabandt <cb@256bit.org>
parents: 33422
diff changeset
103 \ 'crash 9: [OK]',
33523
1947bb095199 patch 9.0.2010: [security] use-after-free from buf_contents_changed()
Christian Brabandt <cb@256bit.org>
parents: 33482
diff changeset
104 \ 'crash 10: [OK]',
33150
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
105 \ ]
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
106
cdc797578b8b patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents: 33144
diff changeset
107 call assert_equal(expected, getline(1, '$'))
33144
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
108 bw!
33115
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
109
33144
9c34366acd4e patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents: 33132
diff changeset
110 call delete('X_crash1_result.txt')
33115
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
111 endfunc
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
112
33772
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
113 func Test_crash1_2()
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
114 CheckNotBSD
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
115 CheckExecutable dash
33879
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
116 let g:test_is_flaky = 1
33772
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
117
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
118 " The following used to crash Vim
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
119 let opts = #{cmd: 'sh'}
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
120 let vim = GetVimProg()
33865
8cdb69ea3711 patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Christian Brabandt <cb@256bit.org>
parents: 33864
diff changeset
121 let result = 'X_crash1_2_result.txt'
33772
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
122
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
123 let buf = RunVimInTerminal('sh', opts)
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
124
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
125 let file = 'crash/poc1'
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
126 let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'"
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
127 let args = printf(cmn_args, vim, file)
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
128 call term_sendkeys(buf, args ..
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
129 \ ' && echo "crash 1: [OK]" > '.. result .. "\<cr>")
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
130 call TermWait(buf, 150)
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
131
33862
242b964d6269 patch 9.0.2140: [security]: use-after-free in win-enter
Christian Brabandt <cb@256bit.org>
parents: 33772
diff changeset
132 let file = 'crash/poc_win_enter_ext'
242b964d6269 patch 9.0.2140: [security]: use-after-free in win-enter
Christian Brabandt <cb@256bit.org>
parents: 33772
diff changeset
133 let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'"
242b964d6269 patch 9.0.2140: [security]: use-after-free in win-enter
Christian Brabandt <cb@256bit.org>
parents: 33772
diff changeset
134 let args = printf(cmn_args, vim, file)
242b964d6269 patch 9.0.2140: [security]: use-after-free in win-enter
Christian Brabandt <cb@256bit.org>
parents: 33772
diff changeset
135 call term_sendkeys(buf, args ..
242b964d6269 patch 9.0.2140: [security]: use-after-free in win-enter
Christian Brabandt <cb@256bit.org>
parents: 33772
diff changeset
136 \ ' && echo "crash 2: [OK]" >> '.. result .. "\<cr>")
242b964d6269 patch 9.0.2140: [security]: use-after-free in win-enter
Christian Brabandt <cb@256bit.org>
parents: 33772
diff changeset
137 call TermWait(buf, 350)
242b964d6269 patch 9.0.2140: [security]: use-after-free in win-enter
Christian Brabandt <cb@256bit.org>
parents: 33772
diff changeset
138
33863
3b8089d550eb patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Christian Brabandt <cb@256bit.org>
parents: 33862
diff changeset
139 let file = 'crash/poc_suggest_trie_walk'
3b8089d550eb patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Christian Brabandt <cb@256bit.org>
parents: 33862
diff changeset
140 let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'"
3b8089d550eb patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Christian Brabandt <cb@256bit.org>
parents: 33862
diff changeset
141 let args = printf(cmn_args, vim, file)
3b8089d550eb patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Christian Brabandt <cb@256bit.org>
parents: 33862
diff changeset
142 call term_sendkeys(buf, args ..
3b8089d550eb patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Christian Brabandt <cb@256bit.org>
parents: 33862
diff changeset
143 \ ' && echo "crash 3: [OK]" >> '.. result .. "\<cr>")
3b8089d550eb patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Christian Brabandt <cb@256bit.org>
parents: 33862
diff changeset
144 call TermWait(buf, 150)
3b8089d550eb patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Christian Brabandt <cb@256bit.org>
parents: 33862
diff changeset
145
33864
6e4c686b6b5b patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions
Christian Brabandt <cb@256bit.org>
parents: 33863
diff changeset
146 let file = 'crash/poc_did_set_langmap'
6e4c686b6b5b patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions
Christian Brabandt <cb@256bit.org>
parents: 33863
diff changeset
147 let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
6e4c686b6b5b patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions
Christian Brabandt <cb@256bit.org>
parents: 33863
diff changeset
148 let args = printf(cmn_args, vim, file)
6e4c686b6b5b patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions
Christian Brabandt <cb@256bit.org>
parents: 33863
diff changeset
149 call term_sendkeys(buf, args ..
6e4c686b6b5b patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions
Christian Brabandt <cb@256bit.org>
parents: 33863
diff changeset
150 \ ' ; echo "crash 4: [OK]" >> '.. result .. "\<cr>")
6e4c686b6b5b patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions
Christian Brabandt <cb@256bit.org>
parents: 33863
diff changeset
151 call TermWait(buf, 150)
6e4c686b6b5b patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions
Christian Brabandt <cb@256bit.org>
parents: 33863
diff changeset
152
36023
f1fd19e38507 patch 9.1.0689: [security]: buffer-overflow in do_search() with 'rightleft'
Christian Brabandt <cb@256bit.org>
parents: 35944
diff changeset
153 let file = 'crash/reverse_text_overflow'
f1fd19e38507 patch 9.1.0689: [security]: buffer-overflow in do_search() with 'rightleft'
Christian Brabandt <cb@256bit.org>
parents: 35944
diff changeset
154 let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
f1fd19e38507 patch 9.1.0689: [security]: buffer-overflow in do_search() with 'rightleft'
Christian Brabandt <cb@256bit.org>
parents: 35944
diff changeset
155 let args = printf(cmn_args, vim, file)
f1fd19e38507 patch 9.1.0689: [security]: buffer-overflow in do_search() with 'rightleft'
Christian Brabandt <cb@256bit.org>
parents: 35944
diff changeset
156 call term_sendkeys(buf, args ..
f1fd19e38507 patch 9.1.0689: [security]: buffer-overflow in do_search() with 'rightleft'
Christian Brabandt <cb@256bit.org>
parents: 35944
diff changeset
157 \ ' ; echo "crash 5: [OK]" >> '.. result .. "\<cr>")
f1fd19e38507 patch 9.1.0689: [security]: buffer-overflow in do_search() with 'rightleft'
Christian Brabandt <cb@256bit.org>
parents: 35944
diff changeset
158 call TermWait(buf, 150)
f1fd19e38507 patch 9.1.0689: [security]: buffer-overflow in do_search() with 'rightleft'
Christian Brabandt <cb@256bit.org>
parents: 35944
diff changeset
159
33772
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
160 " clean up
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
161 exe buf .. "bw!"
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
162 exe "sp " .. result
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
163 let expected = [
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
164 \ 'crash 1: [OK]',
33862
242b964d6269 patch 9.0.2140: [security]: use-after-free in win-enter
Christian Brabandt <cb@256bit.org>
parents: 33772
diff changeset
165 \ 'crash 2: [OK]',
33863
3b8089d550eb patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Christian Brabandt <cb@256bit.org>
parents: 33862
diff changeset
166 \ 'crash 3: [OK]',
33864
6e4c686b6b5b patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions
Christian Brabandt <cb@256bit.org>
parents: 33863
diff changeset
167 \ 'crash 4: [OK]',
36023
f1fd19e38507 patch 9.1.0689: [security]: buffer-overflow in do_search() with 'rightleft'
Christian Brabandt <cb@256bit.org>
parents: 35944
diff changeset
168 \ 'crash 5: [OK]',
33772
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
169 \ ]
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
170
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
171 call assert_equal(expected, getline(1, '$'))
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
172 bw!
33879
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
173 call delete(result)
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
174 endfunc
33772
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
175
33879
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
176 " This test just runs various scripts, that caused issues before.
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
177 " We are not really asserting anything here, it's just important
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
178 " that ASAN does not detect any issues.
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
179 func Test_crash1_3()
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
180 let vim = GetVimProg()
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
181 let buf = RunVimInTerminal('sh', #{cmd: 'sh'})
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
182
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
183 let file = 'crash/poc_ex_substitute'
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
184 let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'\<cr>"
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
185 let args = printf(cmn_args, vim, file)
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
186 call term_sendkeys(buf, args)
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
187 call TermWait(buf, 150)
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
188
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
189 let file = 'crash/poc_uaf_exec_instructions'
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
190 let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'\<cr>"
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
191 let args = printf(cmn_args, vim, file)
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
192 call term_sendkeys(buf, args)
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
193 call TermWait(buf, 150)
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
194
33915
a49ae967e9ed patch 9.0.2158: [security]: use-after-free in check_argument_type
Christian Brabandt <cb@256bit.org>
parents: 33879
diff changeset
195 let file = 'crash/poc_uaf_check_argument_types'
a49ae967e9ed patch 9.0.2158: [security]: use-after-free in check_argument_type
Christian Brabandt <cb@256bit.org>
parents: 33879
diff changeset
196 let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'\<cr>"
a49ae967e9ed patch 9.0.2158: [security]: use-after-free in check_argument_type
Christian Brabandt <cb@256bit.org>
parents: 33879
diff changeset
197 let args = printf(cmn_args, vim, file)
a49ae967e9ed patch 9.0.2158: [security]: use-after-free in check_argument_type
Christian Brabandt <cb@256bit.org>
parents: 33879
diff changeset
198 call term_sendkeys(buf, args)
a49ae967e9ed patch 9.0.2158: [security]: use-after-free in check_argument_type
Christian Brabandt <cb@256bit.org>
parents: 33879
diff changeset
199 call TermWait(buf, 150)
a49ae967e9ed patch 9.0.2158: [security]: use-after-free in check_argument_type
Christian Brabandt <cb@256bit.org>
parents: 33879
diff changeset
200
35871
1758bb7a9865 patch 9.1.0647: [security] use-after-free in tagstack_clear_entry
Christian Brabandt <cb@256bit.org>
parents: 33915
diff changeset
201 let file = 'crash/double_free'
1758bb7a9865 patch 9.1.0647: [security] use-after-free in tagstack_clear_entry
Christian Brabandt <cb@256bit.org>
parents: 33915
diff changeset
202 let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'\<cr>"
1758bb7a9865 patch 9.1.0647: [security] use-after-free in tagstack_clear_entry
Christian Brabandt <cb@256bit.org>
parents: 33915
diff changeset
203 let args = printf(cmn_args, vim, file)
1758bb7a9865 patch 9.1.0647: [security] use-after-free in tagstack_clear_entry
Christian Brabandt <cb@256bit.org>
parents: 33915
diff changeset
204 call term_sendkeys(buf, args)
1758bb7a9865 patch 9.1.0647: [security] use-after-free in tagstack_clear_entry
Christian Brabandt <cb@256bit.org>
parents: 33915
diff changeset
205 call TermWait(buf, 50)
1758bb7a9865 patch 9.1.0647: [security] use-after-free in tagstack_clear_entry
Christian Brabandt <cb@256bit.org>
parents: 33915
diff changeset
206
35873
3e2f18adac4a patch 9.1.0648: [security] double-free in dialog_changed()
Christian Brabandt <cb@256bit.org>
parents: 35871
diff changeset
207 let file = 'crash/dialog_changed_uaf'
3e2f18adac4a patch 9.1.0648: [security] double-free in dialog_changed()
Christian Brabandt <cb@256bit.org>
parents: 35871
diff changeset
208 let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'\<cr>"
3e2f18adac4a patch 9.1.0648: [security] double-free in dialog_changed()
Christian Brabandt <cb@256bit.org>
parents: 35871
diff changeset
209 let args = printf(cmn_args, vim, file)
3e2f18adac4a patch 9.1.0648: [security] double-free in dialog_changed()
Christian Brabandt <cb@256bit.org>
parents: 35871
diff changeset
210 call term_sendkeys(buf, args)
3e2f18adac4a patch 9.1.0648: [security] double-free in dialog_changed()
Christian Brabandt <cb@256bit.org>
parents: 35871
diff changeset
211 call TermWait(buf, 150)
3e2f18adac4a patch 9.1.0648: [security] double-free in dialog_changed()
Christian Brabandt <cb@256bit.org>
parents: 35871
diff changeset
212
35944
e0e4d42f19ad Problem: crash with WinNewPre autocommand
Christian Brabandt <cb@256bit.org>
parents: 35873
diff changeset
213 let file = 'crash/nullpointer'
e0e4d42f19ad Problem: crash with WinNewPre autocommand
Christian Brabandt <cb@256bit.org>
parents: 35873
diff changeset
214 let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'\<cr>"
e0e4d42f19ad Problem: crash with WinNewPre autocommand
Christian Brabandt <cb@256bit.org>
parents: 35873
diff changeset
215 let args = printf(cmn_args, vim, file)
e0e4d42f19ad Problem: crash with WinNewPre autocommand
Christian Brabandt <cb@256bit.org>
parents: 35873
diff changeset
216 call term_sendkeys(buf, args)
e0e4d42f19ad Problem: crash with WinNewPre autocommand
Christian Brabandt <cb@256bit.org>
parents: 35873
diff changeset
217 call TermWait(buf, 50)
e0e4d42f19ad Problem: crash with WinNewPre autocommand
Christian Brabandt <cb@256bit.org>
parents: 35873
diff changeset
218
36048
179d2e139736 patch 9.1.0697: [security]: heap-buffer-overflow in ins_typebuf
Christian Brabandt <cb@256bit.org>
parents: 36043
diff changeset
219 let file = 'crash/heap_overflow3'
179d2e139736 patch 9.1.0697: [security]: heap-buffer-overflow in ins_typebuf
Christian Brabandt <cb@256bit.org>
parents: 36043
diff changeset
220 let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
179d2e139736 patch 9.1.0697: [security]: heap-buffer-overflow in ins_typebuf
Christian Brabandt <cb@256bit.org>
parents: 36043
diff changeset
221 let args = printf(cmn_args, vim, file)
179d2e139736 patch 9.1.0697: [security]: heap-buffer-overflow in ins_typebuf
Christian Brabandt <cb@256bit.org>
parents: 36043
diff changeset
222 call term_sendkeys(buf, args)
179d2e139736 patch 9.1.0697: [security]: heap-buffer-overflow in ins_typebuf
Christian Brabandt <cb@256bit.org>
parents: 36043
diff changeset
223 call TermWait(buf, 150)
179d2e139736 patch 9.1.0697: [security]: heap-buffer-overflow in ins_typebuf
Christian Brabandt <cb@256bit.org>
parents: 36043
diff changeset
224
179d2e139736 patch 9.1.0697: [security]: heap-buffer-overflow in ins_typebuf
Christian Brabandt <cb@256bit.org>
parents: 36043
diff changeset
225
33879
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
226 " clean up
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
227 exe buf .. "bw!"
d418c82f02a4 patch 9.0.2149: [security]: use-after-free in exec_instructions()
Christian Brabandt <cb@256bit.org>
parents: 33865
diff changeset
228 bw!
33772
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
229 endfunc
7624df087ebf patch 9.0.2106: [security]: Use-after-free in win_close()
Christian Brabandt <cb@256bit.org>
parents: 33523
diff changeset
230
33132
811555b5ab8b patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents: 33115
diff changeset
231 func Test_crash2()
811555b5ab8b patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents: 33115
diff changeset
232 " The following used to crash Vim
811555b5ab8b patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents: 33115
diff changeset
233 let opts = #{wait_for_ruler: 0, rows: 20}
811555b5ab8b patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents: 33115
diff changeset
234 let args = ' -u NONE -i NONE -n -e -s -S '
811555b5ab8b patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents: 33115
diff changeset
235 let buf = RunVimInTerminal(args .. ' crash/vim_regsub_both', opts)
811555b5ab8b patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents: 33115
diff changeset
236 call VerifyScreenDump(buf, 'Test_crash_01', {})
811555b5ab8b patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents: 33115
diff changeset
237 exe buf .. "bw!"
811555b5ab8b patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents: 33115
diff changeset
238 endfunc
811555b5ab8b patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents: 33115
diff changeset
239
36043
23090f17734a patch 9.1.0695: tests: test_crash leaves Untitled file around
Christian Brabandt <cb@256bit.org>
parents: 36023
diff changeset
240 func Test_zz_cleanup()
23090f17734a patch 9.1.0695: tests: test_crash leaves Untitled file around
Christian Brabandt <cb@256bit.org>
parents: 36023
diff changeset
241 " That file is created at Test_crash1_2() by dialog_changed_uaf
23090f17734a patch 9.1.0695: tests: test_crash leaves Untitled file around
Christian Brabandt <cb@256bit.org>
parents: 36023
diff changeset
242 " but cleanup in that Test, doesn't remove it. Let's try again at
23090f17734a patch 9.1.0695: tests: test_crash leaves Untitled file around
Christian Brabandt <cb@256bit.org>
parents: 36023
diff changeset
243 " the end of this test script
23090f17734a patch 9.1.0695: tests: test_crash leaves Untitled file around
Christian Brabandt <cb@256bit.org>
parents: 36023
diff changeset
244 call delete('Untitled')
23090f17734a patch 9.1.0695: tests: test_crash leaves Untitled file around
Christian Brabandt <cb@256bit.org>
parents: 36023
diff changeset
245 endfunc
23090f17734a patch 9.1.0695: tests: test_crash leaves Untitled file around
Christian Brabandt <cb@256bit.org>
parents: 36023
diff changeset
246
33115
e64f3ab1a8b9 patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff changeset
247 " vim: shiftwidth=2 sts=2 expandtab