To: vim-dev@vim.org
Subject: Patch 7.2.132
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------
Patch 7.2.132
Problem: When changing directory during a SwapExists autocmd freed memory
may be accessed. (Dominique Pelle)
Solution: Add the allbuf_lock flag.
Files: src/ex_getln.c, src/globals.h, src/fileio.c,
src/proto/ex_getln.pro
*** ../vim-7.2.131/src/ex_getln.c Mon Mar 2 02:11:09 2009
--- src/ex_getln.c Mon Mar 2 00:53:39 2009
***************
*** 2000,2007 ****
#if defined(FEAT_AUTOCMD) || defined(PROTO)
/*
! * Check if "curbuf_lock" is set and return TRUE when it is and give an error
! * message.
*/
int
curbuf_locked()
--- 2000,2007 ----
#if defined(FEAT_AUTOCMD) || defined(PROTO)
/*
! * Check if "curbuf_lock" or "allbuf_lock" is set and return TRUE when it is
! * and give an error message.
*/
int
curbuf_locked()
***************
*** 2011,2016 ****
--- 2011,2031 ----
EMSG(_("E788: Not allowed to edit another buffer now"));
return TRUE;
}
+ return allbuf_locked();
+ }
+
+ /*
+ * Check if "allbuf_lock" is set and return TRUE when it is and give an error
+ * message.
+ */
+ int
+ allbuf_locked()
+ {
+ if (allbuf_lock > 0)
+ {
+ EMSG(_("E811: Not allowed to change buffer information now"));
+ return TRUE;
+ }
return FALSE;
}
#endif
*** ../vim-7.2.131/src/globals.h Mon Mar 2 02:44:54 2009
--- src/globals.h Mon Mar 2 02:40:16 2009
***************
*** 619,624 ****
--- 619,629 ----
EXTERN int curbuf_lock INIT(= 0);
/* non-zero when the current buffer can't be
* changed. Used for FileChangedRO. */
+ EXTERN int allbuf_lock INIT(= 0);
+ /* non-zero when no buffer name can be
+ * changed, no buffer can be deleted and
+ * current directory can't be changed.
+ * Used for SwapExists et al. */
#endif
#ifdef FEAT_EVAL
# define HAVE_SANDBOX
*** ../vim-7.2.131/src/fileio.c Wed Dec 31 16:20:54 2008
--- src/fileio.c Sun Mar 1 23:37:10 2009
***************
*** 69,75 ****
static int au_find_group __ARGS((char_u *name));
# define AUGROUP_DEFAULT -1 /* default autocmd group */
! # define AUGROUP_ERROR -2 /* errornouse autocmd group */
# define AUGROUP_ALL -3 /* all autocmd groups */
#endif
--- 69,75 ----
static int au_find_group __ARGS((char_u *name));
# define AUGROUP_DEFAULT -1 /* default autocmd group */
! # define AUGROUP_ERROR -2 /* erroneous autocmd group */
# define AUGROUP_ALL -3 /* all autocmd groups */
#endif
***************
*** 144,150 ****
# endif
#endif
static int move_lines __ARGS((buf_T *frombuf, buf_T *tobuf));
!
void
filemess(buf, name, s, attr)
--- 144,152 ----
# endif
#endif
static int move_lines __ARGS((buf_T *frombuf, buf_T *tobuf));
! #ifdef FEAT_AUTOCMD
! static char *e_auchangedbuf = N_("E812: Autocommands changed buffer or buffer name");
! #endif
void
filemess(buf, name, s, attr)
***************
*** 295,300 ****
--- 297,315 ----
int conv_restlen = 0; /* nr of bytes in conv_rest[] */
#endif
+ #ifdef FEAT_AUTOCMD
+ /* Remember the initial values of curbuf, curbuf->b_ffname and
+ * curbuf->b_fname to detect whether they are altered as a result of
+ * executing nasty autocommands. Also check if "fname" and "sfname"
+ * point to one of these values. */
+ buf_T *old_curbuf = curbuf;
+ char_u *old_b_ffname = curbuf->b_ffname;
+ char_u *old_b_fname = curbuf->b_fname;
+ int using_b_ffname = (fname == curbuf->b_ffname)
+ || (sfname == curbuf->b_ffname);
+ int using_b_fname = (fname == curbuf->b_fname)
+ || (sfname == curbuf->b_fname);
+ #endif
write_no_eol_lnum = 0; /* in case it was set by the previous read */
/*
***************
*** 589,595 ****
--- 604,624 ----
#ifdef FEAT_QUICKFIX
if (!bt_dontwrite(curbuf))
#endif
+ {
check_need_swap(newfile);
+ #ifdef FEAT_AUTOCMD
+ /* SwapExists autocommand may mess things up */
+ if (curbuf != old_curbuf
+ || (using_b_ffname
+ && (old_b_ffname != curbuf->b_ffname))
+ || (using_b_fname
+ && (old_b_fname != curbuf->b_fname)))
+ {
+ EMSG(_(e_auchangedbuf));
+ return FAIL;
+ }
+ #endif
+ }
if (dir_of_file_exists(fname))
filemess(curbuf, sfname, (char_u *)_("[New File]"), 0);
else
***************
*** 668,673 ****
--- 697,713 ----
#endif
{
check_need_swap(newfile);
+ #ifdef FEAT_AUTOCMD
+ if (!read_stdin && (curbuf != old_curbuf
+ || (using_b_ffname && (old_b_ffname != curbuf->b_ffname))
+ || (using_b_fname && (old_b_fname != curbuf->b_fname))))
+ {
+ EMSG(_(e_auchangedbuf));
+ if (!read_buffer)
+ close(fd);
+ return FAIL;
+ }
+ #endif
#ifdef UNIX
/* Set swap file protection bits after creating it. */
if (swap_mode > 0 && curbuf->b_ml.ml_mfp->mf_fname != NULL)
***************
*** 698,704 ****
{
int m = msg_scroll;
int n = msg_scrolled;
- buf_T *old_curbuf = curbuf;
/*
* The file must be closed again, the autocommands may want to change
--- 738,743 ----
***************
*** 740,747 ****
--- 779,791 ----
/*
* Don't allow the autocommands to change the current buffer.
* Try to re-open the file.
+ *
+ * Don't allow the autocommands to change the buffer name either
+ * (cd for example) if it invalidates fname or sfname.
*/
if (!read_stdin && (curbuf != old_curbuf
+ || (using_b_ffname && (old_b_ffname != curbuf->b_ffname))
+ || (using_b_fname && (old_b_fname != curbuf->b_fname))
|| (fd = mch_open((char *)fname, O_RDONLY | O_EXTRA, 0)) < 0))
{
--no_wait_return;
***************
*** 6320,6326 ****
if (!stuff_empty() || global_busy || !typebuf_typed()
#ifdef FEAT_AUTOCMD
! || autocmd_busy || curbuf_lock > 0
#endif
)
need_check_timestamps = TRUE; /* check later */
--- 6364,6370 ----
if (!stuff_empty() || global_busy || !typebuf_typed()
#ifdef FEAT_AUTOCMD
! || autocmd_busy || curbuf_lock > 0 || allbuf_lock > 0
#endif
)
need_check_timestamps = TRUE; /* check later */
***************
*** 6522,6529 ****
--- 6566,6575 ----
set_vim_var_string(VV_FCS_REASON, (char_u *)reason, -1);
set_vim_var_string(VV_FCS_CHOICE, (char_u *)"", -1);
# endif
+ ++allbuf_lock;
n = apply_autocmds(EVENT_FILECHANGEDSHELL,
buf->b_fname, buf->b_fname, FALSE, buf);
+ --allbuf_lock;
busy = FALSE;
if (n)
{
*** ../vim-7.2.131/src/proto/ex_getln.pro Fri Nov 28 10:59:57 2008
--- src/proto/ex_getln.pro Sun Mar 1 00:27:12 2009
***************
*** 4,9 ****
--- 4,10 ----
int text_locked __ARGS((void));
void text_locked_msg __ARGS((void));
int curbuf_locked __ARGS((void));
+ int allbuf_locked __ARGS((void));
char_u *getexline __ARGS((int c, void *dummy, int indent));
char_u *getexmodeline __ARGS((int promptc, void *dummy, int indent));
int cmdline_overstrike __ARGS((void));
*** ../vim-7.2.131/src/version.c Wed Mar 4 04:11:56 2009
--- src/version.c Thu Mar 5 03:08:54 2009
***************
*** 678,679 ****
--- 678,681 ----
{ /* Add new patch number below this line */
+ /**/
+ 132,
/**/
--
hundred-and-one symptoms of being an internet addict:
168. You have your own domain name.
/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
