Mercurial > vim
changeset 33482:39b2e200c4d7 v9.0.1992
patch 9.0.1992: [security] segfault in exmode
Commit: https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960
Author: Christian Brabandt <cb@256bit.org>
Date: Thu Oct 5 22:08:30 2023 +0200
patch 9.0.1992: [security] segfault in exmode
Problem: segfault in exmode when redrawing
Solution: skip gui_scroll when exmode_active
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Thu, 05 Oct 2023 22:15:03 +0200 |
parents | a98b4a9f8864 |
children | 0efb005b99a8 |
files | src/gui.c src/testdir/crash/crash_scrollbar src/testdir/test_crash.vim src/version.c |
diffstat | 4 files changed, 15 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/gui.c +++ b/src/gui.c @@ -4397,6 +4397,7 @@ gui_do_scrollbar( * Scroll a window according to the values set in the globals * "current_scrollbar" and "scrollbar_value". * Return TRUE if the cursor in the current window moved or FALSE otherwise. + * may eventually cause a redraw using updateWindow */ int gui_do_scroll(void) @@ -4416,6 +4417,9 @@ gui_do_scroll(void) if (wp == NULL) // Couldn't find window return FALSE; + // don't redraw, LineOffset and similar are not valid! + if (exmode_active) + return FALSE; /* * Compute number of lines to scroll. If zero, nothing to do.
new file mode 100644 --- /dev/null +++ b/src/testdir/crash/crash_scrollbar @@ -0,0 +1,2 @@ +" this goes to insert mode and presses key k_VerScrollbar which may cause a redraw in exmode, which used ot crash Vim +norm o€ùX
--- a/src/testdir/test_crash.vim +++ b/src/testdir/test_crash.vim @@ -72,6 +72,12 @@ func Test_crash1() \ ' || echo "crash 8: [OK]" >> X_crash1_result.txt' .. "\<cr>") call TermWait(buf, 3000) + let file = 'crash/crash_scrollbar' + let args = printf(cmn_args, vim, file) + call term_sendkeys(buf, args .. + \ ' && echo "crash 9: [OK]" >> X_crash1_result.txt' .. "\<cr>") + call TermWait(buf, 1000) + " clean up exe buf .. "bw!" @@ -86,6 +92,7 @@ func Test_crash1() \ 'crash 6: [OK]', \ 'crash 7: [OK]', \ 'crash 8: [OK]', + \ 'crash 9: [OK]', \ ] call assert_equal(expected, getline(1, '$'))