diff options
author | Christian Brabandt <cb@256bit.org> | 2023-11-14 19:31:34 +0100 |
---|---|---|
committer | Christian Brabandt <cb@256bit.org> | 2023-11-16 22:04:00 +0100 |
commit | 25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a (patch) | |
tree | 9b56e90635d6bc6b124bda1d179348bcd6a2cf8d /src/testdir/test_crash.vim | |
parent | 67abf1592c83c910c7815478f67e0a8989d51417 (diff) |
patch 9.0.2106: [security]: Use-after-free in win_close()v9.0.2106
Problem: [security]: Use-after-free in win_close()
Solution: Check window is valid, before accessing it
If the current window structure is no longer valid (because a previous
autocommand has already freed this window), fail and return before
attempting to set win->w_closing variable.
Add a test to trigger ASAN in CI
Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src/testdir/test_crash.vim')
-rw-r--r-- | src/testdir/test_crash.vim | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim index 5cd07e2a3f..b093b053c5 100644 --- a/src/testdir/test_crash.vim +++ b/src/testdir/test_crash.vim @@ -110,6 +110,39 @@ func Test_crash1() call delete('X_crash1_result.txt') endfunc +func Test_crash1_2() + CheckNotBSD + CheckExecutable dash + + " The following used to crash Vim + let opts = #{cmd: 'sh'} + let vim = GetVimProg() + let result = 'X_crash1_1_result.txt' + + let buf = RunVimInTerminal('sh', opts) + + let file = 'crash/poc1' + let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'" + let args = printf(cmn_args, vim, file) + call term_sendkeys(buf, args .. + \ ' && echo "crash 1: [OK]" > '.. result .. "\<cr>") + call TermWait(buf, 150) + + " clean up + exe buf .. "bw!" + + exe "sp " .. result + + let expected = [ + \ 'crash 1: [OK]', + \ ] + + call assert_equal(expected, getline(1, '$')) + bw! + + call delete(result) +endfunc + func Test_crash2() " The following used to crash Vim let opts = #{wait_for_ruler: 0, rows: 20} |