mirror of
https://github.com/neovim/neovim.git
synced 2025-10-10 20:06:33 +00:00
terminal.c:redraw(): Avoid invalid cursor col (#6379)
Removed the call to validate_cursor() because mb_check_adjust_col() is already called in adjust_topline(). Closes #6378 References #6203 https://s3.amazonaws.com/archive.travis-ci.org/jobs/215498258/log.txt [ ERROR ] ...ovim/neovim/test/functional/terminal/scrollback_spec.lua @ 386: 'scrollback' option set to 0 behaves as 1 (10621.17 ms) ==================== File /home/travis/build/neovim/neovim/build/log/ubsan.12836 ==================== = ================================================================= = ==12836==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62100002cd00 at pc 0x000000eafe90 bp 0x7ffc8661fe50 sp 0x7ffc8661fe48 = READ of size 1 at 0x62100002cd00 thread T0 = #0 0xeafe8f in utf_head_off /home/travis/build/neovim/neovim/src/nvim/mbyte.c:1457:7 = #1 0x6b890e in getvcol /home/travis/build/neovim/neovim/src/nvim/charset.c:1169:15 = #2 0x6bc777 in getvvcol /home/travis/build/neovim/neovim/src/nvim/charset.c:1336:5 = #3 0xfc067b in curs_columns /home/travis/build/neovim/neovim/src/nvim/move.c:730:5 = #4 0xfbc8db in validate_cursor /home/travis/build/neovim/neovim/src/nvim/move.c:510:5 = #5 0x14479ed in setcursor /home/travis/build/neovim/neovim/src/nvim/screen.c:6363:5 = #6 0x17fe054 in redraw /home/travis/build/neovim/neovim/src/nvim/terminal.c:1175:5 = #7 0x17f95e4 in terminal_enter /home/travis/build/neovim/neovim/src/nvim/terminal.c:392:3 = #8 0x70eb2b in edit /home/travis/build/neovim/neovim/src/nvim/edit.c:1300:7 = #9 0x11097d1 in normal_finish_command /home/travis/build/neovim/neovim/src/nvim/normal.c:947:13 = #10 0x1081191 in normal_execute /home/travis/build/neovim/neovim/src/nvim/normal.c:1138:3 = #11 0x170b813 in state_enter /home/travis/build/neovim/neovim/src/nvim/state.c:58:26 = #12 0x103631b in normal_enter /home/travis/build/neovim/neovim/src/nvim/normal.c:464:3 = #13 0xdfb7a8 in main /home/travis/build/neovim/neovim/src/nvim/main.c:552:3 = #14 0x2b8a3c85bf44 in __libc_start_main /build/eglibc-MjiXCM/eglibc-2.19/csu/libc-start.c:287 = #15 0x447b25 in _start (/home/travis/build/neovim/neovim/build/bin/nvim+0x447b25) = = 0x62100002cd00 is located 0 bytes to the right of 4096-byte region [0x62100002bd00,0x62100002cd00) = allocated by thread T0 here: = #0 0x4f1e98 in malloc (/home/travis/build/neovim/neovim/build/bin/nvim+0x4f1e98) = #1 0xf28774 in try_malloc /home/travis/build/neovim/neovim/src/nvim/memory.c:84:15 = #2 0xf28934 in xmalloc /home/travis/build/neovim/neovim/src/nvim/memory.c:118:15 = #3 0xec7be8 in mf_alloc_bhdr /home/travis/build/neovim/neovim/src/nvim/memfile.c:646:17 = #4 0xec58d4 in mf_new /home/travis/build/neovim/neovim/src/nvim/memfile.c:297:12 = #5 0xeda8a8 in ml_new_data /home/travis/build/neovim/neovim/src/nvim/memline.c:2697:16 = #6 0xed7beb in ml_open /home/travis/build/neovim/neovim/src/nvim/memline.c:349:8 = #7 0x643fcd in open_buffer /home/travis/build/neovim/neovim/src/nvim/buffer.c:109:7 = #8 0xa7038c in do_ecmd /home/travis/build/neovim/neovim/src/nvim/ex_cmds.c:2483:24 = #9 0xb5bb49 in do_exedit /home/travis/build/neovim/neovim/src/nvim/ex_docmd.c:6839:9 = #10 0xb7b6d8 in ex_edit /home/travis/build/neovim/neovim/src/nvim/ex_docmd.c:6767:3 = #11 0xb2a598 in do_one_cmd /home/travis/build/neovim/neovim/src/nvim/ex_docmd.c:2208:5 = #12 0xb08f47 in do_cmdline /home/travis/build/neovim/neovim/src/nvim/ex_docmd.c:602:20 = #13 0x109997b in nv_colon /home/travis/build/neovim/neovim/src/nvim/normal.c:4492:18 = #14 0x1081188 in normal_execute /home/travis/build/neovim/neovim/src/nvim/normal.c:1135:3 = #15 0x170b813 in state_enter /home/travis/build/neovim/neovim/src/nvim/state.c:58:26 = #16 0x103631b in normal_enter /home/travis/build/neovim/neovim/src/nvim/normal.c:464:3 = #17 0xdfb7a8 in main /home/travis/build/neovim/neovim/src/nvim/main.c:552:3 = #18 0x2b8a3c85bf44 in __libc_start_main /build/eglibc-MjiXCM/eglibc-2.19/csu/libc-start.c:287 = = SUMMARY: AddressSanitizer: heap-buffer-overflow /home/travis/build/neovim/neovim/src/nvim/mbyte.c:1457:7 in utf_head_off = Shadow bytes around the buggy address: = 0x0c427fffd950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 = 0x0c427fffd960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 = 0x0c427fffd970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 = 0x0c427fffd980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 = 0x0c427fffd990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 = =>0x0c427fffd9a0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa = 0x0c427fffd9b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa = 0x0c427fffd9c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa = 0x0c427fffd9d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa = 0x0c427fffd9e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa = 0x0c427fffd9f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa = Shadow byte legend (one shadow byte represents 8 application bytes): = Addressable: 00 = Partially addressable: 01 02 03 04 05 06 07 = Heap left redzone: fa = Heap right redzone: fb = Freed heap region: fd = Stack left redzone: f1 = Stack mid redzone: f2 = Stack right redzone: f3 = Stack partial redzone: f4 = Stack after return: f5 = Stack use after scope: f8 = Global redzone: f9 = Global init order: f6 = Poisoned by user: f7 = Container overflow: fc = Array cookie: ac = Intra object redzone: bb = ASan internal: fe = Left alloca redzone: ca = Right alloca redzone: cb = ==12836==ABORTING ===================================================================================================== ./test/helpers.lua:82: assertion failed! stack traceback: ./test/helpers.lua:82: in function 'check_logs' ./test/functional/helpers.lua:643: in function <./test/functional/helpers.lua:642>
This commit is contained in:
Justin M. Keyes
@@ -1155,7 +1155,6 @@ static void redraw(bool restore_cursor)
|
|||||||
save_col = ui_current_col();
|
save_col = ui_current_col();
|
||||||
}
|
}
|
||||||
block_autocmds();
|
block_autocmds();
|
||||||
validate_cursor();
|
|
||||||
|
|
||||||
if (must_redraw) {
|
if (must_redraw) {
|
||||||
update_screen(0);
|
update_screen(0);
|
||||||
@@ -1172,7 +1171,7 @@ static void redraw(bool restore_cursor)
|
|||||||
int off = is_focused(term) ? 0 : (curwin->w_p_rl ? 1 : -1);
|
int off = is_focused(term) ? 0 : (curwin->w_p_rl ? 1 : -1);
|
||||||
curwin->w_cursor.col = MAX(0, term->cursor.col + win_col_off(curwin) + off);
|
curwin->w_cursor.col = MAX(0, term->cursor.col + win_col_off(curwin) + off);
|
||||||
curwin->w_cursor.coladd = 0;
|
curwin->w_cursor.coladd = 0;
|
||||||
setcursor();
|
mb_check_adjust_col(curwin);
|
||||||
}
|
}
|
||||||
|
|
||||||
unblock_autocmds();
|
unblock_autocmds();
|
||||||
|
|||||||
@@ -60,16 +60,17 @@ describe('terminal cursor', function()
|
|||||||
]])
|
]])
|
||||||
end)
|
end)
|
||||||
|
|
||||||
pending('is positioned correctly when focused', function()
|
it('is positioned correctly when focused', function()
|
||||||
feed('i')
|
feed('i')
|
||||||
|
helpers.wait()
|
||||||
screen:expect([[
|
screen:expect([[
|
||||||
1 tty ready |
|
{7: 1 }tty ready |
|
||||||
2 {1: } |
|
{7: 2 }{1: } |
|
||||||
3 |
|
{7: 3 } |
|
||||||
4 |
|
{7: 4 } |
|
||||||
5 |
|
{7: 5 } |
|
||||||
6 |
|
{7: 6 } |
|
||||||
-- TERMINAL -- |
|
{3:-- TERMINAL --} |
|
||||||
]])
|
]])
|
||||||
end)
|
end)
|
||||||
end)
|
end)
|
||||||
|
|||||||
@@ -322,6 +322,7 @@ describe("tui 't_Co' (terminal colors)", function()
|
|||||||
helpers.nvim_prog))
|
helpers.nvim_prog))
|
||||||
|
|
||||||
thelpers.feed_data(":echo &t_Co\n")
|
thelpers.feed_data(":echo &t_Co\n")
|
||||||
|
helpers.wait()
|
||||||
local tline
|
local tline
|
||||||
if maxcolors == 8 then
|
if maxcolors == 8 then
|
||||||
tline = "~ "
|
tline = "~ "
|
||||||
|
|||||||
Reference in New Issue
Block a user