fix(inccommand): restrict cmdpreview undo calls (#24289)

Problem: The cmdpreview saved undo nodes on cmdpreview_prepare() from ex_getln.c may become invalid (free) if the preview function makes undo operations, causing heap-use-after-free errors. Solution: Save the buffer undo list on cmdpreview_prepare)_ and start a new empty one. On cmdpreview_restore_state(), undo all the entries in the new undo list and restore the original one. With this approach, the preview function will be allowed to undo only its own changes. Fix #20036 Fix #20248
2025-02-25 18:55:25 -06:00 · 2023-07-26 00:22:57 -03:00
parent 74bd4aba57
commit 643bea31b8
2 changed files with 99 additions and 26 deletions
--- a/test/functional/ui/inccommand_user_spec.lua
+++ b/test/functional/ui/inccommand_user_spec.lua
@@ -435,6 +435,28 @@ describe("'inccommand' for user commands", function()
    ]])
    assert_alive()
  end)
+
+  it("no crash if preview callback executes undo", function()
+    command('set inccommand=nosplit')
+    exec_lua([[
+      vim.api.nvim_create_user_command('Foo', function() end, {
+        nargs = '?',
+        preview = function(_, _, _)
+          vim.cmd.undo()
+        end,
+      })
+    ]])
+
+    -- Clear undo history
+    command('set undolevels=-1')
+    feed('ggyyp')
+    command('set undolevels=1000')
+
+    feed('yypp:Fo')
+    assert_alive()
+    feed('<Esc>:Fo')
+    assert_alive()
+  end)
 end)

 describe("'inccommand' with multiple buffers", function()