vim: src/quickfix.c comparison

comparison src/quickfix.c @ 13090:a0c6910e7fa4 v8.0.1420

patch 8.0.1420: accessing freed memory in vimgrep commit https://github.com/vim/vim/commit/3c09722600e3218905b5d4a7b635a9e6560f87b3 Author: Bram Moolenaar <Bram@vim.org> Date: Thu Dec 21 20:54:49 2017 +0100 patch 8.0.1420: accessing freed memory in vimgrep Problem: Accessing freed memory in vimgrep. Solution: Check that the quickfix list is still valid. (Yegappan Lakshmanan, closes #2474)

author	Christian Brabandt <cb@256bit.org>
date	Thu, 21 Dec 2017 21:00:06 +0100
parents	a1f8939a4644
children	bfa7f5b23c53

comparison

equal deleted inserted replaced

-:5127f347a3e4
+:a0c6910e7fa4
 static char_u	*qf_types(int, int);
 static int	qf_get_fnum(qf_info_T *qi, int qf_idx, char_u *, char_u *);
 static char_u	*qf_push_dir(char_u *, struct dir_stack_T **, int is_file_stack);
 static char_u	*qf_pop_dir(struct dir_stack_T **);
 static char_u	*qf_guess_filepath(qf_info_T *qi, int qf_idx, char_u *);
+static int	qflist_valid(win_T *wp, int_u qf_id);
 static void	qf_fmt_text(char_u *text, char_u *buf, int bufsize);
 static void	qf_clean_dir_stack(struct dir_stack_T **);
 static int	qf_win_pos_update(qf_info_T *qi, int old_qf_index);
 static int	is_qf_win(win_T *win, qf_info_T *qi);
 static win_T	*qf_find_win(qf_info_T *qi);
 * Looking up a buffer can be slow if there are many.  Remember the last one
 * to make this a lot faster if there are multiple matches in the same file.
 */
 static char_u   *qf_last_bufname = NULL;
 static bufref_T  qf_last_bufref = {NULL, 0, 0};
+static char	*e_loc_list_changed =
+				 N_("E926: Current location list was changed");
 /*
 * Read the errorfile "efile" into memory, line by line, building the error
 * list. Set the error list's title to qf_title.
 * Return -1 for error, number of errors for success.
 return ds_ptr==NULL? NULL: ds_ptr->dirname;
 }
 /*
+* Returns TRUE if a quickfix/location list with the given identifier exists.
+*/
+static int
+qflist_valid (win_T *wp, int_u qf_id)
+{
+qf_info_T	*qi = &ql_info;
+int		i;
+if (wp != NULL)
+{
+	qi = GET_LOC_LIST(wp);	    /* Location list */
+	if (qi == NULL)
+	    return FALSE;
+}
+for (i = 0; i < qi->qf_listcount; ++i)
+	if (qi->qf_lists[i].qf_id == qf_id)
+	    return TRUE;
+return FALSE;
+}
+/*
 * When loading a file from the quickfix, the auto commands may modify it.
 * This may invalidate the current quickfix entry.  This function checks
 * whether a entry is still present in the quickfix.
 * Similar to location list.
 */
 		    oldwin == curwin ? curwin : NULL);
 }
 else
 {
 	int old_qf_curlist = qi->qf_curlist;
+	int save_qfid = qi->qf_lists[qi->qf_curlist].qf_id;
 	retval = buflist_getfile(qf_ptr->qf_fnum,
 		(linenr_T)1, GETF_SETMARK | GETF_SWITCH, forceit);
-	if (qi != &ql_info && !win_valid_any_tab(oldwin))
-	{
+	if (qi != &ql_info)
-	    EMSG(_("E924: Current window was closed"));
+	{
-	    *abort = TRUE;
+	    /*
-	    *opened_window = FALSE;
+	     * Location list. Check whether the associated window is still
+	     * present and the list is still valid.
+	     */
+	    if (!win_valid_any_tab(oldwin))
+	    {
+		EMSG(_("E924: Current window was closed"));
+		*abort = TRUE;
+		*opened_window = FALSE;
+	    }
+	    else if (!qflist_valid(oldwin, save_qfid))
+	    {
+		EMSG(_(e_loc_list_changed));
+		*abort = TRUE;
+	    }
 	}
 	else if (old_qf_curlist != qi->qf_curlist
 		|| !is_qf_entry_present(qi, qf_ptr))
 	{
 	    if (qi == &ql_info)
 		EMSG(_("E925: Current quickfix was changed"));
 	    else
-		EMSG(_("E926: Current location list was changed"));
+		EMSG(_(e_loc_list_changed));
 	    *abort = TRUE;
 	}
 	if (*abort)
 	    retval = FALSE;
 char_u	*enc = NULL;
 win_T	*wp = NULL;
 qf_info_T	*qi = &ql_info;
 #ifdef FEAT_AUTOCMD
 char_u	*au_name = NULL;
+int		save_qfid;
 #endif
 int		res;
 #ifdef FEAT_AUTOCMD
 switch (eap->cmdidx)
 if (wp != NULL)
 	qi = GET_LOC_LIST(wp);
 if (res >= 0 && qi != NULL)
 	qf_list_changed(qi, qi->qf_curlist);
 #ifdef FEAT_AUTOCMD
+save_qfid = qi->qf_lists[qi->qf_curlist].qf_id;
 if (au_name != NULL)
 	apply_autocmds(EVENT_QUICKFIXCMDPOST, au_name, NULL, FALSE, curbuf);
+/*
+* Autocmd might have freed the quickfix/location list. Check whether it is
+* still valid
+*/
+if (!qflist_valid(wp, save_qfid))
+	return;
 #endif
 if (res > 0 && (eap->cmdidx == CMD_cfile || eap->cmdidx == CMD_lfile))
 {
 	qf_jump(qi, 0, 0, eap->forceit);	/* display first error */
 }
 char_u	*title;
 char_u	*s;
 char_u	*p;
 int		fi;
 qf_info_T	*qi = &ql_info;
+int		loclist_cmd = FALSE;
 #ifdef FEAT_AUTOCMD
+int_u	save_qfid;
 qfline_T	*cur_qf_start;
+win_T	*wp;
 #endif
 long	lnum;
 buf_T	*buf;
 int		duplicate_name = FALSE;
 int		using_dummy;
 	    || eap->cmdidx == CMD_lvimgrepadd)
 {
 	qi = ll_get_or_alloc_list(curwin);
 	if (qi == NULL)
 	    return;
+	loclist_cmd = TRUE;
 }
 if (eap->addr_count > 0)
 	tomatch = eap->line2;
 else
 /* Remember the current directory, because a BufRead autocommand that does
 * ":lcd %:p:h" changes the meaning of short path names. */
 mch_dirname(dirname_start, MAXPATHL);
 #ifdef FEAT_AUTOCMD
-/* Remember the value of qf_start, so that we can check for autocommands
+/* Remember the current values of the quickfix list and qf_start, so that
-* changing the current quickfix list. */
+* we can check for autocommands changing the current quickfix list. */
+save_qfid = qi->qf_lists[qi->qf_curlist].qf_id;
 cur_qf_start = qi->qf_lists[qi->qf_curlist].qf_start;
 #endif
 seconds = (time_t)0;
 for (fi = 0; fi < fcount && !got_int && tomatch > 0; ++fi)
 	else
 	    /* Use existing, loaded buffer. */
 	    using_dummy = FALSE;
 #ifdef FEAT_AUTOCMD
+	if (loclist_cmd)
+	{
+	    /*
+	     * Verify that the location list is still valid. An autocmd might
+	     * have freed the location list.
+	     */
+	    if (!qflist_valid(curwin, save_qfid))
+	    {
+		EMSG(_(e_loc_list_changed));
+		goto theend;
+	    }
+	}
 	if (cur_qf_start != qi->qf_lists[qi->qf_curlist].qf_start)
 	{
 	    int idx;
 	    /* Autocommands changed the quickfix list.  Find the one we were
 #ifdef FEAT_AUTOCMD
 if (au_name != NULL)
 	apply_autocmds(EVENT_QUICKFIXCMDPOST, au_name,
 					       curbuf->b_fname, TRUE, curbuf);
+/*
+* The QuickFixCmdPost autocmd may free the quickfix list. Check the list
+* is still valid.
+*/
+wp = loclist_cmd ? curwin : NULL;
+if (!qflist_valid(wp, save_qfid))
+	goto theend;
 #endif
 /* Jump to first match. */
 if (qi->qf_lists[qi->qf_curlist].qf_count > 0)
 {
 # endif
 }
 #endif
 /* Must come after autocommands. */
-if (eap->cmdidx == CMD_lbuffer || eap->cmdidx == CMD_lgetbuffer
+if (eap->cmdidx == CMD_lbuffer
+	    || eap->cmdidx == CMD_lgetbuffer
 	    || eap->cmdidx == CMD_laddbuffer)
 {
 	qi = ll_get_or_alloc_list(curwin);
 	if (qi == NULL)
 	    return;
 #ifdef FEAT_AUTOCMD
 char_u	*au_name = NULL;
 #endif
 int		res;
-if (eap->cmdidx == CMD_lexpr || eap->cmdidx == CMD_lgetexpr
-	    || eap->cmdidx == CMD_laddexpr)
-{
-	qi = ll_get_or_alloc_list(curwin);
-	if (qi == NULL)
-	    return;
-}
 #ifdef FEAT_AUTOCMD
 switch (eap->cmdidx)
 {
 	case CMD_cexpr:	    au_name = (char_u *)"cexpr"; break;
 	case CMD_cgetexpr:  au_name = (char_u *)"cgetexpr"; break;
 	if (aborting())
 	    return;
 # endif
 }
 #endif
+if (eap->cmdidx == CMD_lexpr
+	    || eap->cmdidx == CMD_lgetexpr
+	    || eap->cmdidx == CMD_laddexpr)
+{
+	qi = ll_get_or_alloc_list(curwin);
+	if (qi == NULL)
+	    return;
+}
 /* Evaluate the expression.  When the result is a string or a list we can
 * use it to fill the errorlist. */
 tv = eval_expr(eap->arg, NULL);
 if (tv != NULL)

Mercurial > vim

comparison src/quickfix.c @ 13090:a0c6910e7fa4 v8.0.1420