# HG changeset patch
# User Bram Moolenaar
# Date 1598701503 -7200
# Node ID a98211c3e14ed35e2704eefcb68ad46bb7c39f86
# Parent 3c923f3b100feb3b69b8016f7787a20cb4452d4d
patch 8.2.1539: using invalid script ID causes a crash
Commit: https://github.com/vim/vim/commit/e3d4685f1f716e0c516332101d85e0930f20fc59
Author: Bram Moolenaar
Date: Sat Aug 29 13:39:17 2020 +0200
patch 8.2.1539: using invalid script ID causes a crash
Problem: Using invalid script ID causes a crash.
Solution: Check the script ID to be valid. (closes https://github.com/vim/vim/issues/6804)
diff --git a/src/evalvars.c b/src/evalvars.c
--- a/src/evalvars.c
+++ b/src/evalvars.c
@@ -524,7 +524,7 @@ list_vim_vars(int *first)
 static void
 list_script_vars(int *first)
 {
- if (current_sctx.sc_sid > 0 && current_sctx.sc_sid <= script_items.ga_len)
+ if (SCRIPT_ID_VALID(current_sctx.sc_sid))
 list_hashtable_vars(&SCRIPT_VARS(current_sctx.sc_sid), "s:", FALSE, first);
 }
@@ -2609,7 +2609,7 @@ get_script_local_ht(void)
 {
 scid_T sid = current_sctx.sc_sid;
- if (sid > 0 && sid <= script_items.ga_len)
+ if (SCRIPT_ID_VALID(sid))
 return &SCRIPT_VARS(sid);
 return NULL;
 }
diff --git a/src/globals.h b/src/globals.h
--- a/src/globals.h
+++ b/src/globals.h
@@ -297,8 +297,9 @@ EXTERN int do_profiling INIT(= PROF_NONE
 # endif
 EXTERN garray_T script_items INIT5(0, 0, sizeof(scriptitem_T *), 20, NULL);
 # define SCRIPT_ITEM(id) (((scriptitem_T **)script_items.ga_data)[(id) - 1])
-# define SCRIPT_SV(id) (SCRIPT_ITEM(id)->sn_vars)
-# define SCRIPT_VARS(id) (SCRIPT_SV(id)->sv_dict.dv_hashtab)
+# define SCRIPT_ID_VALID(id) ((id) > 0 && (id) <= script_items.ga_len)
+# define SCRIPT_SV(id) (SCRIPT_ITEM(id)->sn_vars)
+# define SCRIPT_VARS(id) (SCRIPT_SV(id)->sv_dict.dv_hashtab)
 # define FUNCLINE(fp, j) ((char_u **)(fp->uf_lines.ga_data))[j]
diff --git a/src/profiler.c b/src/profiler.c
--- a/src/profiler.c
+++ b/src/profiler.c
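Review bot: In src/globals.h the new `SCRIPT_ID_VALID(id)` expands `id` twice, so an argument with side effects would be evaluated twice; every call site visible in this patch passes a plain variable or struct field, but nothing at the definition states that requirement. SCRIPT_ITEM(), SCRIPT_SV() and SCRIPT_VARS() still index `script_items.ga_data` with `(id) - 1` and no bounds check of their own, so each access is only as safe as the caller's memory of the guard. I would document the contract where the macro is defined, e.g. `// TRUE when "id" is a usable 1-based index into script_items; check before SCRIPT_ITEM(), SCRIPT_SV() or SCRIPT_VARS(). Evaluates "id" twice.`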
@@ -761,7 +761,7 @@ script_prof_save(
 {
 scriptitem_T *si;
- if (current_sctx.sc_sid > 0 && current_sctx.sc_sid <= script_items.ga_len)
+ if (SCRIPT_ID_VALID(current_sctx.sc_sid))
 {
 si = SCRIPT_ITEM(current_sctx.sc_sid);
 if (si->sn_prof_on && si->sn_pr_nest++ == 0)
@@ -778,7 +778,7 @@ script_prof_restore(proftime_T *tm)
 {
 scriptitem_T *si;
- if (current_sctx.sc_sid > 0 && current_sctx.sc_sid <= script_items.ga_len)
+ if (SCRIPT_ID_VALID(current_sctx.sc_sid))
 {
 si = SCRIPT_ITEM(current_sctx.sc_sid);
 if (si->sn_prof_on && --si->sn_pr_nest == 0)
@@ -903,7 +903,7 @@ script_line_start(void)
 scriptitem_T *si;
 sn_prl_T *pp;
- if (current_sctx.sc_sid <= 0 || current_sctx.sc_sid > script_items.ga_len)
+ if (!SCRIPT_ID_VALID(current_sctx.sc_sid))
 return;
 si = SCRIPT_ITEM(current_sctx.sc_sid);
 if (si->sn_prof_on && SOURCING_LNUM >= 1)
@@ -938,7 +938,7 @@ script_line_exec(void)
 {
 scriptitem_T *si;
- if (current_sctx.sc_sid <= 0 || current_sctx.sc_sid > script_items.ga_len)
+ if (!SCRIPT_ID_VALID(current_sctx.sc_sid))
 return;
 si = SCRIPT_ITEM(current_sctx.sc_sid);
 if (si->sn_prof_on && si->sn_prl_idx >= 0)
@@ -954,7 +954,7 @@ script_line_end(void)
 scriptitem_T *si;
 sn_prl_T *pp;
- if (current_sctx.sc_sid <= 0 || current_sctx.sc_sid > script_items.ga_len)
+ if (!SCRIPT_ID_VALID(current_sctx.sc_sid))
 return;
 si = SCRIPT_ITEM(current_sctx.sc_sid);
 if (si->sn_prof_on && si->sn_prl_idx >= 0
diff --git a/src/scriptfile.c b/src/scriptfile.c
--- a/src/scriptfile.c
+++ b/src/scriptfile.c
@@ -1517,7 +1517,7 @@ ex_scriptnames(exarg_T *eap)
 if (eap->addr_count > 0)
 {
 // :script {scriptId}: edit the script
- if (eap->line2 < 1 || eap->line2 > script_items.ga_len)
+ if (!SCRIPT_ID_VALID(eap->line2))
 emsg(_(e_invarg));
 else
 {
diff --git a/src/testdir/test_vim9_script.vim b/src/testdir/test_vim9_script.vim
--- a/src/testdir/test_vim9_script.vim
+++ b/src/testdir/test_vim9_script.vim
@@ -4,6 +4,7 @@ source check.vim
 source term_util.vim
 source view_util.vim
 source vim9.vim
+source shared.vim
 def Test_syntax()
 let var = 234
@@ -3252,6 +3253,14 @@ def Test_cmdline_win()
 delete('rtp', 'rf')
 enddef
+def Test_invalid_sid()
+ assert_fails('func 1234_func', 'E123:')
+ if RunVim([], ['wq Xdidit'], '+"func 1_func"')
+ call assert_equal([], readfile('Xdidit'))
+ endif
+ delete('Xdidit')
+enddef
+
 " Keep this last, it messes up highlighting.
 def Test_substitute_cmd()
 new
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
@@ -755,6 +755,8 @@ static char *(features[]) =
 static int included_patches[] =
 { /* Add new patch number below this line */
 /**/
+ 1539,
+/**/
 1538,
 /**/
 1537,
diff --git a/src/vim9compile.c b/src/vim9compile.c
--- a/src/vim9compile.c
+++ b/src/vim9compile.c
@@ -1661,7 +1661,7 @@ get_script_item_idx(int sid, char_u *nam
 int idx;
 // First look the name up in the hashtable.
- if (sid <= 0 || sid > script_items.ga_len)
+ if (!SCRIPT_ID_VALID(sid))
 return -1;
 ht = &SCRIPT_VARS(sid);
 di = find_var_in_ht(ht, 0, name, TRUE);
@@ -1692,7 +1692,7 @@ find_imported(char_u *name, size_t len,
 {
 int idx;
- if (current_sctx.sc_sid <= 0)
+ if (!SCRIPT_ID_VALID(current_sctx.sc_sid))
 return NULL;
 if (cctx != NULL)
 for (idx = 0; idx < cctx->ctx_imports.ga_len; ++idx)
@@ -1712,9 +1712,12 @@ find_imported(char_u *name, size_t len,
 imported_T *
 find_imported_in_script(char_u *name, size_t len, int sid)
 {
- scriptitem_T *si = SCRIPT_ITEM(sid);
+ scriptitem_T *si;
 int idx;
+ if (!SCRIPT_ID_VALID(sid))
+ return NULL;
+ si = SCRIPT_ITEM(sid);
 for (idx = 0; idx < si->sn_imports.ga_len; ++idx)
 {
 imported_T *import = ((imported_T *)si->sn_imports.ga_data) + idx;
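Review bot: In src/testdir/test_vim9_script.vim, Test_invalid_sid() reaches the fix only through `:func` with a script-ID-prefixed name, so the guards this patch adds in find_imported_in_script(), compile_load_scriptvar() and compile_assignment() are not visibly exercised by any test in the change. The child-Vim check is also conditional: when RunVim() returns false the `if` skips the `assert_equal()` and the test passes without verifying the no-crash case. A short comment above the `if`, such as `# Xdidit is written only when the child Vim survives the invalid script ID`, would make clear what the empty-file assertion proves, and a compile-time case with no valid script context would cover the vim9compile.c paths.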
@@ -1966,10 +1969,14 @@ compile_load_scriptvar(
 char_u **end, // end of variable
 int error) // when TRUE may give error
 {
- scriptitem_T *si = SCRIPT_ITEM(current_sctx.sc_sid);
- int idx = get_script_item_idx(current_sctx.sc_sid, name, FALSE);
+ scriptitem_T *si;
+ int idx;
 imported_T *import;
+ if (!SCRIPT_ID_VALID(current_sctx.sc_sid))
+ return FAIL;
+ si = SCRIPT_ITEM(current_sctx.sc_sid);
+ idx = get_script_item_idx(current_sctx.sc_sid, name, FALSE);
 if (idx == -1 || si->sn_version != SCRIPT_VERSION_VIM9)
 {
 // variable is not in sn_var_vals: old style script.
@@ -4750,15 +4757,18 @@ compile_assignment(char_u *arg, exarg_T
 scriptvar_sid = current_sctx.sc_sid;
 if (import != NULL)
 scriptvar_sid = import->imp_sid;
- scriptvar_idx = get_script_item_idx(scriptvar_sid,
+ if (SCRIPT_ID_VALID(scriptvar_sid))
+ {
+ scriptvar_idx = get_script_item_idx(scriptvar_sid,
 rawname, TRUE);
- if (scriptvar_idx >= 0)
- {
- scriptitem_T *si = SCRIPT_ITEM(scriptvar_sid);
- svar_T *sv =
+ if (scriptvar_idx > 0)
+ {
+ scriptitem_T *si = SCRIPT_ITEM(scriptvar_sid);
+ svar_T *sv =
 ((svar_T *)si->sn_var_vals.ga_data) + scriptvar_idx;
- type = sv->sv_type;
+ type = sv->sv_type;
+ }
 }
 }
 else if (name[1] == ':' && name[2] != NUL)
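Review bot: The new early `return FAIL;` in compile_load_scriptvar() does not consult the `error` parameter, which the signature comment describes as "when TRUE may give error", so an invalid script ID makes the function fail without reporting anything itself. Whether the caller reports the failure is not visible here, since the body continues past the hunk; if it does not, the user sees compilation fail with no message. Either give an error under `if (error)` before returning, or state the intent with a comment such as `// no valid script context: fail without a message, the caller reports`.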
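Review bot: The re-indented test in compile_assignment() changed from `if (scriptvar_idx >= 0)` to `if (scriptvar_idx > 0)`, which the commit message does not mention and which looks unintended. get_script_item_idx() reports failure with -1 (see the `return -1;` in its own hunk), so 0 appears to be a valid index into `sn_var_vals`, and with `> 0` the variable stored at index 0 never gets `type` taken from `sv->sv_type`. Unless index 0 is deliberately excluded, keep `if (scriptvar_idx >= 0)`. Separately, when SCRIPT_ID_VALID() is false `scriptvar_idx` is no longer assigned on this path, so its initial value, which lies outside the hunk, has to be one that later code treats as "not found".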