
[RFC] term_close use-after-free #4760

Merged
merged 2 commits into from May 16, 2016

Conversation

justinmk
Member

References #4393

@justinmk justinmk changed the title [WIP] test: term_close use-after-free [WIP] term_close use-after-free May 15, 2016
@marvim marvim added the WIP label May 15, 2016
@justinmk justinmk force-pushed the term-use-after-free branch 3 times, most recently from c6ebb93 to f315687 May 15, 2016 23:19
@justinmk justinmk changed the title [WIP] term_close use-after-free [RFC] term_close use-after-free May 15, 2016
@justinmk
Member Author

cc @oni-link

@justinmk
Member Author

justinmk commented May 15, 2016

After this change the following test (from #4766) provokes a SEGV in ASan (in other words, the symptom of #4766 has changed):

```lua
it('with bufhidden=delete #3958', function()
  execute('set hidden')
  eq(1, eval('&hidden'))
  execute('autocmd BufNew * setlocal bufhidden=delete')
  for _ = 1, 5 do
    source([[
      execute 'edit '.reltimestr(reltime())
      terminal]])
  end
end)
```

```text
=================================================================
==27664==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000017 (pc 0x000003e210f7 bp 0x7fff460dbbd0 sp 0x7fff460db930 T0)
    #0 0x3e210f6 in uv_timer_start /home/travis/nvim-deps/build/src/libuv/src/unix/timer.c:84:3
    #1 0x115b78e in process_stop /home/travis/build/neovim/neovim/src/nvim/event/process.c:255:5
    #2 0xea99a8 in term_close /home/travis/build/neovim/neovim/src/nvim/eval.c:21721:5
    #3 0x3abf3ab in terminal_close /home/travis/build/neovim/neovim/src/nvim/terminal.c:321:7
    #4 0x6d9355 in close_buffer /home/travis/build/neovim/neovim/src/nvim/buffer.c:393:5
    #5 0x207da55 in free_all_mem /home/travis/build/neovim/neovim/src/nvim/memory.c:570:5
    #6 0x29b4614 in mch_exit /home/travis/build/neovim/neovim/src/nvim/os_unix.c:151:3
    #7 0x233d77c in exit_event /home/travis/build/neovim/neovim/src/nvim/msgpack_rpc/channel.c:664:5
    #8 0x1191582 in queue_process_events /home/travis/build/neovim/neovim/src/nvim/event/queue.c:142:7
    #9 0x113d1d4 in loop_poll_events /home/travis/build/neovim/neovim/src/nvim/event/loop.c:56:3
    #10 0x2984a12 in os_breakcheck /home/travis/build/neovim/neovim/src/nvim/os/input.c:150:5
    #11 0x1a7204f in vgetorpeek /home/travis/build/neovim/neovim/src/nvim/getchar.c:1695:11
    #12 0x1a679d7 in vpeekc /home/travis/build/neovim/neovim/src/nvim/getchar.c:1543:10
    #13 0x1a99eda in char_avail /home/travis/build/neovim/neovim/src/nvim/getchar.c:1570:12
    #14 0x3823316 in state_enter /home/travis/build/neovim/neovim/src/nvim/state.c:30:9
    #15 0x23e5074 in normal_enter /home/travis/build/neovim/neovim/src/nvim/normal.c:464:3
    #16 0x1cfe377 in main /home/travis/build/neovim/neovim/src/nvim/main.c:538:3
    #17 0x2ba75274176c in __libc_start_main /build/eglibc-rrybNj/eglibc-2.15/csu/libc-start.c:226
    #18 0x46b268 in _start (/home/travis/build/neovim/neovim/build/bin/nvim+0x46b268)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/travis/nvim-deps/build/src/libuv/src/unix/timer.c:84 uv_timer_start
==27664==ABORTING
```

@marvim marvim added RFC and removed WIP labels May 16, 2016
@justinmk
Member Author

Build passed. Since I confirmed that the test reliably reproduces #4393, it's fair to say @oni-link's patch fixes that issue.

So the behavior in #4760 (comment) may actually be progress in the sense that it moves the problem in #4766 (comment) to mch_exit().

@justinmk justinmk merged commit 082abb7 into neovim:master May 16, 2016
@justinmk justinmk deleted the term-use-after-free branch May 16, 2016 00:33
@justinmk justinmk removed the RFC label May 16, 2016