Patch 8.2.4863


Bram Moolenaar

May 4, 2022, 11:47:26 AM5/4/22
to vim...@googlegroups.com

Patch 8.2.4863
Problem: Accessing freed memory in test without the +channel feature.
(Dominique Pellé)
Solution: Do not generate PUSHCHANNEL or PUSHJOB if they are not
implemented. (closes #10350)
Files: src/vim9instr.c, src/errors.h, src/vim9compile.c,
src/testdir/test_vim9_script.vim


*** ../vim-8.2.4862/src/vim9instr.c 2022-04-27 17:54:20.147363240 +0100
--- src/vim9instr.c 2022-05-04 16:38:34.321675911 +0100
***************
*** 755,766 ****
--- 755,773 ----
int
generate_PUSHCHANNEL(cctx_T *cctx)
{
+ #ifdef FEAT_JOB_CHANNEL
isn_T *isn;
+ #endif

RETURN_OK_IF_SKIP(cctx);
+ #ifdef FEAT_JOB_CHANNEL
if ((isn = generate_instr_type(cctx, ISN_PUSHCHANNEL, &t_channel)) == NULL)
return FAIL;
return OK;
+ #else
+ emsg(_(e_channel_job_feature_not_available));
+ return FAIL;
+ #endif
}

/*
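Review bot: The local `isn` in generate_PUSHCHANNEL is assigned but never read, which is the only reason the declaration needs its own `#ifdef FEAT_JOB_CHANNEL` pair. Comparing the call result directly, `if (generate_instr_type(cctx, ISN_PUSHCHANNEL, &t_channel) == NULL)`, drops the variable and leaves a single `#ifdef`/`#else`/`#endif` in the body; the same applies to generate_PUSHJOB in the next hunk. A comment above the `#else` branch such as `// Refuse to emit an instruction this build cannot execute.` would keep the reason for failing at compile time next to the code. RETURN_OK_IF_SKIP runs before the error, so skipped code still compiles silently in a build without the feature; that looks intentional, but it is not stated.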
***************
*** 769,780 ****
--- 776,794 ----
int
generate_PUSHJOB(cctx_T *cctx)
{
+ #ifdef FEAT_JOB_CHANNEL
isn_T *isn;
+ #endif

RETURN_OK_IF_SKIP(cctx);
+ #ifdef FEAT_JOB_CHANNEL
if ((isn = generate_instr_type(cctx, ISN_PUSHJOB, &t_job)) == NULL)
return FAIL;
return OK;
+ #else
+ emsg(_(e_channel_job_feature_not_available));
+ return FAIL;
+ #endif
}

/*
*** ../vim-8.2.4862/src/errors.h 2022-05-04 15:40:16.032317666 +0100
--- src/errors.h 2022-05-04 16:34:11.749873513 +0100
***************
*** 3264,3267 ****
--- 3264,3271 ----
INIT(= N_("E1275: String or function required for ->(expr)"));
EXTERN char e_illegal_map_mode_string_str[]
INIT(= N_("E1276: Illegal map mode string: '%s'"));
+ # if !defined(FEAT_JOB_CHANNEL)
+ EXTERN char e_channel_job_feature_not_available[]
+ INIT(= N_("E1277: Channel and job feature is not available"));
+ # endif
#endif
*** ../vim-8.2.4862/src/vim9compile.c 2022-04-25 12:43:15.175819215 +0100
--- src/vim9compile.c 2022-05-04 16:42:36.053500087 +0100
***************
*** 2293,2331 ****
}
else
{
// variables are always initialized
if (GA_GROW_FAILS(instr, 1))
goto theend;
switch (lhs.lhs_member_type->tt_type)
{
case VAR_BOOL:
! generate_PUSHBOOL(cctx, VVAL_FALSE);
break;
case VAR_FLOAT:
#ifdef FEAT_FLOAT
! generate_PUSHF(cctx, 0.0);
#endif
break;
case VAR_STRING:
! generate_PUSHS(cctx, NULL);
break;
case VAR_BLOB:
! generate_PUSHBLOB(cctx, blob_alloc());
break;
case VAR_FUNC:
! generate_PUSHFUNC(cctx, NULL, &t_func_void);
break;
case VAR_LIST:
! generate_NEWLIST(cctx, 0, FALSE);
break;
case VAR_DICT:
! generate_NEWDICT(cctx, 0, FALSE);
break;
case VAR_JOB:
! generate_PUSHJOB(cctx);
break;
case VAR_CHANNEL:
! generate_PUSHCHANNEL(cctx);
break;
case VAR_NUMBER:
case VAR_UNKNOWN:
--- 2293,2333 ----
}
else
{
+ int r = OK;
+
// variables are always initialized
if (GA_GROW_FAILS(instr, 1))
goto theend;
switch (lhs.lhs_member_type->tt_type)
{
case VAR_BOOL:
! r = generate_PUSHBOOL(cctx, VVAL_FALSE);
break;
case VAR_FLOAT:
#ifdef FEAT_FLOAT
! r = generate_PUSHF(cctx, 0.0);
#endif
break;
case VAR_STRING:
! r = generate_PUSHS(cctx, NULL);
break;
case VAR_BLOB:
! r = generate_PUSHBLOB(cctx, blob_alloc());
break;
case VAR_FUNC:
! r = generate_PUSHFUNC(cctx, NULL, &t_func_void);
break;
case VAR_LIST:
! r = generate_NEWLIST(cctx, 0, FALSE);
break;
case VAR_DICT:
! r = generate_NEWDICT(cctx, 0, FALSE);
break;
case VAR_JOB:
! r = generate_PUSHJOB(cctx);
break;
case VAR_CHANNEL:
! r = generate_PUSHCHANNEL(cctx);
break;
case VAR_NUMBER:
case VAR_UNKNOWN:
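Review bot: In the `VAR_FLOAT` case, a build without `FEAT_FLOAT` still leaves `r` at OK and emits no instruction, which has the same shape as the job/channel problem this change addresses. If a float-typed declaration cannot reach this switch in such a build (not visible in the hunk), a short comment such as `// float type is rejected earlier without FEAT_FLOAT` would settle it. Otherwise an `#else` that reports an error and sets `r = FAIL` would stop compilation from continuing without an initial value. The check of `r` is in the following hunk, and the enclosing function starts and ends outside both.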
***************
*** 2343,2352 ****
else
{
instr_count = instr->ga_len;
! generate_PUSHNR(cctx, 0);
}
break;
}
}
if (var_count == 0)
end = p;
--- 2345,2356 ----
else
{
instr_count = instr->ga_len;
! r = generate_PUSHNR(cctx, 0);
}
break;
}
+ if (r == FAIL)
+ goto theend;
}
if (var_count == 0)
end = p;
*** ../vim-8.2.4862/src/testdir/test_vim9_script.vim 2022-05-04 16:24:54.182341138 +0100
--- src/testdir/test_vim9_script.vim 2022-05-04 16:45:15.425386277 +0100
***************
*** 4132,4139 ****
var Var_func: func
var var_string: string
var var_blob: blob
! var var_job: job
! var var_channel: channel
var var_list: list<any>
var var_dict: dict<any>

--- 4132,4141 ----
var Var_func: func
var var_string: string
var var_blob: blob
! if has('job')
! var var_job: job
! var var_channel: channel
! endif
var var_list: list<any>
var var_dict: dict<any>

***************
*** 4144,4151 ****
echo Var_func
echo var_string
echo var_blob
! echo var_job
! echo var_channel
echo var_list
echo var_dict
redir END
--- 4146,4158 ----
echo Var_func
echo var_string
echo var_blob
! if has('job')
! echo var_job
! echo var_channel
! else
! echo 'no process'
! echo 'channel fail'
! endif
echo var_list
echo var_dict
redir END
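Review bot: `echo var_job` and `echo var_channel` here read variables that the previous hunk declares inside a separate `if has('job')` ... `endif` block. If this test is a `:def` function (its header is outside both hunks), Vim9 block scoping would likely make those declarations invisible after that `endif`, so the echoes would not compile even in a build that has the feature. Keeping declaration and use together avoids this, for example one `if has('job')` section with its own `redir` and assert. The `else` branch also hard-codes 'no process' and 'channel fail', which ties the expected output to strings that are not visible in this patch.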
*** ../vim-8.2.4862/src/version.c 2022-05-04 16:24:54.182341138 +0100
--- src/version.c 2022-05-04 16:29:49.002082547 +0100
***************
*** 748,749 ****
--- 748,751 ----
{ /* Add new patch number below this line */
+ /**/
+ 4863,
/**/

--
From "know your smileys":
:-E Has major dental problems

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///

Dominique Pellé

May 6, 2022, 7:52:19 AM5/6/22
to vim_dev
Bram Moolenaar wrote:

> Patch 8.2.4863
> Problem: Accessing freed memory in test without the +channel feature.
> (Dominique Pellé)
> Solution: Do not generted PUSHCHANNEL or PUSHJOB if they are not
> implemented. (closes #10350)
> Files: src/vim9instr.c, src/errors.h, src/vim9compile.c,
> src/testdir/test_vim9_script.vim

Hi

Patch 8.2.4863 fixes the heap-use-after-free bug.
However, the test `Test_echo_uninit_variables` still fails
on Linux x86_64 when vim-8.2.4882 is built without the
channel feature:

$ ./configure --with-features=huge --enable-gui=none --disable-channel
$ make -j8
$ make test_vim9_script
...snip...
Executed 116 tests in 6.144727 seconds
1 FAILED:
Found errors in Test_echo_uninit_variables():
Caught exception in Test_echo_uninit_variables(): Vim(call):E1277:
Channel and job feature is not available @ command line..script
/home/dope/sb/vim/src/testdir/runtest.vim[459]..function
RunTheTest[44]..Test_echo_uninit_variables, line 9
SKIPPED Test_debug_running_out_of_lines(): cannot run Vim in a terminal window
SKIPPED Test_debug_with_lambda(): cannot run Vim in a terminal window
SKIPPED Test_define_func_at_command_line(): cannot run Vim in a terminal window
SKIPPED Test_misplaced_type(): cannot run Vim in a terminal window
SKIPPED Test_no_redraw_when_restoring_cpo(): cannot make screendumps
SKIPPED Test_no_unknown_error_after_error(): not unix of missing +job feature
SKIPPED Test_reject_declaration(): cannot make screendumps
SKIPPED Test_vim9_comment_gui(): cannot start the GUI
make[1]: *** [Makefile:66: test_vim9_script] Error 1
make[1]: Leaving directory '/home/dope/sb/vim/src/testdir'
make: *** [Makefile:2288: test_vim9_script] Error 2

Bram Moolenaar

May 6, 2022, 8:28:19 AM5/6/22
to vim...@googlegroups.com, Dominique Pellé

Dominique wrote:

> Bram Moolenaar wrote:
>
> > Patch 8.2.4863
> > Problem: Accessing freed memory in test without the +channel feature.
> > (Dominique Pellé)
> > Solution: Do not generted PUSHCHANNEL or PUSHJOB if they are not
> > implemented. (closes #10350)
> > Files: src/vim9instr.c, src/errors.h, src/vim9compile.c,
> > src/testdir/test_vim9_script.vim
>
> Hi
>
> Patch 8.2.4863 fixes the heap-use-after-free bug.
> However, the test `Test_echo_uninit_variables` still fail
> on Linux x86_64 when vim-8.2.4882 is built without the
> channel feature:

I'll add another condition.

--
Nobody will ever need more than 640 kB RAM.
-- Bill Gates, 1983
Windows 98 requires 16 MB RAM.
-- Bill Gates, 1999
Logical conclusion: Nobody will ever need Windows 98.