From bbb363f4bcfb56f8e60afff5f6f65cfe9e860252 Mon Sep 17 00:00:00 2001 From: zeertzjq Date: Fri, 17 Nov 2023 09:15:38 +0800 Subject: [PATCH] vim-patch:partial:9.0.1859: heap-use-after-free in bt_normal() Problem: heap-use-after-free in bt_normal() Solution: check that buffer is still valid https://github.com/vim/vim/commit/6e60cf444a8839ca1694319bf9a82e7b097e5c4d Test change only. Co-authored-by: Christian Brabandt --- test/old/testdir/crash/bt_quickfix1_poc | 5 +++++ test/old/testdir/test_crash.vim | 10 ++++++++++ 2 files changed, 15 insertions(+) create mode 100644 test/old/testdir/crash/bt_quickfix1_poc diff --git a/test/old/testdir/crash/bt_quickfix1_poc b/test/old/testdir/crash/bt_quickfix1_poc new file mode 100644 index 0000000000..97993fde52 --- /dev/null +++ b/test/old/testdir/crash/bt_quickfix1_poc @@ -0,0 +1,5 @@ +au BufReadPre * exe 'sn' .. expand("") +call writefile([''],'X') +sil! e X +call writefile([''],'X') +sil! e X diff --git a/test/old/testdir/test_crash.vim b/test/old/testdir/test_crash.vim index 27bf7b55d4..8deb79702b 100644 --- a/test/old/testdir/test_crash.vim +++ b/test/old/testdir/test_crash.vim @@ -49,6 +49,15 @@ func Test_crash1() call TermWait(buf, 100) + let file = 'crash/bt_quickfix1_poc' + let args = printf(cmn_args, vim, file) + call term_sendkeys(buf, args .. + \ ' && echo "crash 6: [OK]" >> X_crash1_result.txt' .. "\") + " clean up + call delete('X') + " This test takes a bit longer + call TermWait(buf, 200) + " clean up exe buf .. "bw!" @@ -60,6 +69,7 @@ func Test_crash1() \ 'crash 3: [OK]', \ 'crash 4: [OK]', \ 'crash 5: [OK]', + \ 'crash 6: [OK]', \ ] call assert_equal(expected, getline(1, '$'))