patch 9.2.0594: Use-after-free with ":wqall" and a running terminal job

Problem:  Using ":wqall" with a running terminal buffer can free the
          buffer that is currently being iterated over in the buffer
          list, resulting in a use-after-free (after v9.2.0593).
Solution: After stopping the job, check whether the buffer is still valid
          and restart the iteration from the first buffer if it was freed
          (Hirohito Higashi).

related: #20417
closes:  #20423

Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Hirohito Higashi
2026-06-04 19:25:50 +00:00
committed by Christian Brabandt
parent 2271d062e5
commit 3ba82a5e48
2 changed files with 8 additions and 0 deletions
+6
@@ -2515,11 +2515,17 @@ do_wqall(exarg_T *eap)
#ifdef FEAT_TERMINAL
if (exiting && !eap->forceit && term_job_running(buf->b_term))
{
bufref_T bufref;
set_bufref(&bufref, buf);
if (term_try_stop_job(buf) == FAIL)
{
no_write_message_buf(buf);
++error;
}
// Stopping the job may have freed the terminal buffer.
else if (!bufref_valid(&bufref))
buf = firstbuf;
}
else
#endif
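Review bot: at `buf = firstbuf;`, restarting the walk means every buffer ahead of the freed one is visited again, so an earlier terminal buffer whose job refused to stop reaches the `term_try_stop_job(buf) == FAIL` branch a second time, repeating `no_write_message_buf(buf)` and incrementing `error` again. If `error` is only ever tested for non-zero this is harmless, but the comment should say so, or the restart should be guarded so the message is not shown twice. The hunk does not show the loop header: if the loop applies its own increment after this assignment, the first buffer itself is not re-examined, which is worth confirming against the enclosing loop. With two files changed and the other one being the patch-number list, the fix ships without a regression test; a test that runs ":wqall" with a terminal job that ends when stopped would pin down the use-after-free.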
+2
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
594,
/**/
593,
/**/