mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-12-06 14:42:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(api): fix nvim_buf_set_text heap-use-after-free (#19644)

Browse Source 
The line returned but ml_get_buf() may be freed by another call to
ml_get_buf(), so it is necessary to make a copy.
This commit is contained in:
zeertzjq
2022-08-06 06:22:01 +08:00
committed by GitHub
parent 85ad0e6b43
commit a308f53525
2 changed files with 31 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
test/functional/api/buffer_spec.lua
View File

@@ -7,6 +7,7 @@ local meths = helpers.meths
local funcs = helpers.funcs
local request = helpers.request
local exc_exec = helpers.exc_exec
local exec_lua = helpers.exec_lua
local feed_command = helpers.feed_command
local insert = helpers.insert
local NIL = helpers.NIL
@@ -565,6 +566,17 @@ describe('api/buf', function()
eq('start is higher than end', pcall_err(set_text, 1, 0, 0, 0, {}))
eq('start is higher than end', pcall_err(set_text, 0, 1, 0, 0, {}))
end)
it('no heap-use-after-free when called consecutively #19643', function()
set_text(0, 0, 0, 0, {'one', '', '', 'two'})
eq({'one', '', '', 'two'}, get_lines(0, 4, true))
meths.win_set_cursor(0, {1, 0})
exec_lua([[
vim.api.nvim_buf_set_text(0, 0, 3, 1, 0, {''})
vim.api.nvim_buf_set_text(0, 0, 3, 1, 0, {''})
]])
eq({'one', 'two'}, get_lines(0, 2, true))
end)
end)
describe('nvim_buf_get_text', function()