Mercurial > vim
annotate src/testdir/test_crash.vim @ 33165:74fcf8a0846b v9.0.1864
patch 9.0.1864: still crash with bt_quickfix1_poc
Commit: https://github.com/vim/vim/commit/623ba31821a41acee7e948794e84867680b97885
Author: Christian Brabandt <cb@256bit.org>
Date: Mon Sep 4 22:09:12 2023 +0200
patch 9.0.1864: still crash with bt_quickfix1_poc
Problem: crash with bt_quickfix1_poc when cleaning up
and EXITFREE is defined
Solution: Test if buffer is valid in a window, else close
window directly, don't try to access buffer properties
While at it, increase the crash timeout slightly, so that CI has a
chance to finish processing the test_crash() test.
Signed-off-by: Christian Brabandt <cb@256bit.org>
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Mon, 04 Sep 2023 22:15:04 +0200 |
| parents | 49cc8eebab30 |
| children | 8ac10cee18f3 |
| rev | line source |
|---|---|
|
33115
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
1 " Some tests, that used to crash Vim |
|
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
2 source check.vim |
|
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
3 source screendump.vim |
|
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
4 |
|
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
5 CheckScreendump |
|
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
6 |
|
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
7 func Test_crash1() |
|
33150
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
8 if !executable('sh') |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
9 throw 'Skipped: sh not executable!' |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
10 endif |
|
33115
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
11 " The following used to crash Vim |
|
33144
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
12 let opts = #{cmd: 'sh'} |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
13 let vim = GetVimProg() |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
14 |
|
33150
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
15 let buf = RunVimInTerminal('sh', opts) |
|
33144
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
16 |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
17 let file = 'crash/poc_huaf1' |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
18 let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'" |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
19 let args = printf(cmn_args, vim, file) |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
20 call term_sendkeys(buf, args .. |
|
33150
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
21 \ ' && echo "crash 1: [OK]" > X_crash1_result.txt' .. "\<cr>") |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
22 call TermWait(buf, 50) |
|
33144
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
23 |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
24 let file = 'crash/poc_huaf2' |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
25 let args = printf(cmn_args, vim, file) |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
26 call term_sendkeys(buf, args .. |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
27 \ ' && echo "crash 2: [OK]" >> X_crash1_result.txt' .. "\<cr>") |
|
33150
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
28 call TermWait(buf, 50) |
|
33144
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
29 |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
30 let file = 'crash/poc_huaf3' |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
31 let args = printf(cmn_args, vim, file) |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
32 call term_sendkeys(buf, args .. |
|
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
33 \ ' && echo "crash 3: [OK]" >> X_crash1_result.txt' .. "\<cr>") |
|
33150
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
34 call TermWait(buf, 100) |
|
33144
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
35 |
|
33150
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
36 let file = 'crash/bt_quickfix_poc' |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
37 let args = printf(cmn_args, vim, file) |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
38 call term_sendkeys(buf, args .. |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
39 \ ' && echo "crash 4: [OK]" >> X_crash1_result.txt' .. "\<cr>") |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
40 " clean up |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
41 call delete('Xerr') |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
42 " This test takes a bit longer |
|
33165
74fcf8a0846b
patch 9.0.1864: still crash with bt_quickfix1_poc
Christian Brabandt <cb@256bit.org>
parents:
33156
diff
changeset
|
43 call TermWait(buf, 1000) |
|
33144
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
44 |
|
33152
8c9c79b00316
patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents:
33150
diff
changeset
|
45 let file = 'crash/poc_tagfunc.vim' |
|
8c9c79b00316
patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents:
33150
diff
changeset
|
46 let args = printf(cmn_args, vim, file) |
|
8c9c79b00316
patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents:
33150
diff
changeset
|
47 call term_sendkeys(buf, args .. |
|
8c9c79b00316
patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents:
33150
diff
changeset
|
48 \ ' || echo "crash 5: [OK]" >> X_crash1_result.txt' .. "\<cr>") |
|
8c9c79b00316
patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents:
33150
diff
changeset
|
49 |
|
8c9c79b00316
patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents:
33150
diff
changeset
|
50 call TermWait(buf, 100) |
|
8c9c79b00316
patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents:
33150
diff
changeset
|
51 |
|
33154
faeeed7df688
patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents:
33152
diff
changeset
|
52 let file = 'crash/bt_quickfix1_poc' |
|
faeeed7df688
patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents:
33152
diff
changeset
|
53 let args = printf(cmn_args, vim, file) |
|
faeeed7df688
patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents:
33152
diff
changeset
|
54 call term_sendkeys(buf, args .. |
|
faeeed7df688
patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents:
33152
diff
changeset
|
55 \ ' && echo "crash 6: [OK]" >> X_crash1_result.txt' .. "\<cr>") |
|
faeeed7df688
patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents:
33152
diff
changeset
|
56 " clean up |
|
faeeed7df688
patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents:
33152
diff
changeset
|
57 call delete('X') |
|
33165
74fcf8a0846b
patch 9.0.1864: still crash with bt_quickfix1_poc
Christian Brabandt <cb@256bit.org>
parents:
33156
diff
changeset
|
58 call TermWait(buf, 1000) |
|
33154
faeeed7df688
patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents:
33152
diff
changeset
|
59 |
|
33144
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
60 " clean up |
|
33115
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
61 exe buf .. "bw!" |
|
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
62 |
|
33144
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
63 sp X_crash1_result.txt |
|
33150
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
64 |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
65 let expected = [ |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
66 \ 'crash 1: [OK]', |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
67 \ 'crash 2: [OK]', |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
68 \ 'crash 3: [OK]', |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
69 \ 'crash 4: [OK]', |
|
33152
8c9c79b00316
patch 9.0.1858: [security] heap use after free in ins_compl_get_exp()
Christian Brabandt <cb@256bit.org>
parents:
33150
diff
changeset
|
70 \ 'crash 5: [OK]', |
|
33154
faeeed7df688
patch 9.0.1859: heap-use-after-free in bt_normal()
Christian Brabandt <cb@256bit.org>
parents:
33152
diff
changeset
|
71 \ 'crash 6: [OK]', |
|
33150
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
72 \ ] |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
73 |
|
cdc797578b8b
patch 9.0.1857: [security] heap-use-after-free in is_qf_win()
Christian Brabandt <cb@256bit.org>
parents:
33144
diff
changeset
|
74 call assert_equal(expected, getline(1, '$')) |
|
33144
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
75 bw! |
|
33115
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
76 |
|
33144
9c34366acd4e
patch 9.0.1854: test_crash1() fails on CI
Christian Brabandt <cb@256bit.org>
parents:
33132
diff
changeset
|
77 call delete('X_crash1_result.txt') |
|
33115
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
78 endfunc |
|
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
79 |
|
33132
811555b5ab8b
patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents:
33115
diff
changeset
|
80 func Test_crash2() |
|
811555b5ab8b
patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents:
33115
diff
changeset
|
81 " The following used to crash Vim |
|
811555b5ab8b
patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents:
33115
diff
changeset
|
82 let opts = #{wait_for_ruler: 0, rows: 20} |
|
811555b5ab8b
patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents:
33115
diff
changeset
|
83 let args = ' -u NONE -i NONE -n -e -s -S ' |
|
811555b5ab8b
patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents:
33115
diff
changeset
|
84 let buf = RunVimInTerminal(args .. ' crash/vim_regsub_both', opts) |
|
811555b5ab8b
patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents:
33115
diff
changeset
|
85 call VerifyScreenDump(buf, 'Test_crash_01', {}) |
|
811555b5ab8b
patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents:
33115
diff
changeset
|
86 exe buf .. "bw!" |
|
811555b5ab8b
patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents:
33115
diff
changeset
|
87 endfunc |
|
811555b5ab8b
patch 9.0.1848: [security] buffer-overflow in vim_regsub_both()
Christian Brabandt <cb@256bit.org>
parents:
33115
diff
changeset
|
88 |
|
33115
e64f3ab1a8b9
patch 9.0.1840: [security] use-after-free in do_ecmd
Christian Brabandt <cb@256bit.org>
parents:
diff
changeset
|
89 " vim: shiftwidth=2 sts=2 expandtab |