nvim-telescope / telescope-fzf-native.nvim

FZF sorter for telescope written in c

Double free when WinLeave autocommand throws error #71

Closed zeertzjq closed 2 years ago

zeertzjq commented 2 years ago

Context: https://github.com/neovim/neovim/issues/18817

Run Nvim with the following minimal Lua config:

    vim.cmd([[set rtp+=~/.local/share/nvim/site/pack/packer/start/plenary.nvim/]])
    vim.cmd([[set rtp+=~/.local/share/nvim/site/pack/packer/start/telescope.nvim/]])
    vim.cmd([[set rtp+=~/.local/share/nvim/site/pack/packer/start/telescope-fzf-native.nvim/]])
    require("telescope").setup({})
    require("telescope").load_extension("fzf")
    vim.cmd([[autocmd WinLeave * if winheight(0) == 1 | throw 'foo' | endif]])

Then:

  1. Open Telescope
  2. Press Ctrl-C
  3. Press Enter
  4. Press i
  5. Press Ctrl-C
  6. Double free

ASAN log:

=================================================================
==2345286==ERROR: AddressSanitizer: SEGV on unknown address 0x000036800007 (pc 0x55b841bdc889 bp 0x000036800017 sp 0x7ffefeec3e50 T0)
==2345286==The signal is caused by a WRITE memory access.
    #0 0x55b841bdc889 in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) (**/build/bin/nvim+0xbf9889)
    #1 0x55b841c7e75b in __interceptor_free (**/build/bin/nvim+0xc9b75b)
    #2 0x7efe3150c097 in fzf_free_pattern (/home/zeertzjq/.local/share/nvim/site/pack/packer/start/telescope-fzf-native.nvim//lua/../build/libfzf.so+0x4097)
    #3 0x55b84358a8f8 in lj_vm_ffi_call (**/build/bin/nvim+0x25a78f8)
    #4 0x55b8435bb1be in lj_ccall_func **/.deps/build/src/luajit/src/lj_ccall.c:1167:5
    #5 0x55b843584423 in lj_cf_ffi_meta___call **/.deps/build/src/luajit/src/lib_ffi.c:230:15
    #6 0x55b8435884e5 in lj_BC_FUNCC (**/build/bin/nvim+0x25a54e5)
    #7 0x55b843570f6a in lua_pcall **/.deps/build/src/luajit/src/lj_api.c:1145:12
    #8 0x55b8427a70ed in nlua_pcall **/src/nvim/lua/executor.c:130:16
    #9 0x55b8427a6861 in nlua_typval_exec **/src/nvim/lua/executor.c:1232:7
    #10 0x55b8427aa21d in ex_lua **/src/nvim/lua/executor.c:1425:3
    #11 0x55b842456af1 in do_one_cmd **/src/nvim/ex_docmd.c:2362:5
    #12 0x55b842445615 in do_cmdline **/src/nvim/ex_docmd.c:592:20
    #13 0x55b8420df984 in insert_handle_key **/src/nvim/edit.c:1049:5
    #14 0x55b842099452 in insert_execute **/src/nvim/edit.c:836:10
    #15 0x55b8430dde4e in state_enter **/src/nvim/state.c:88:26
    #16 0x55b8420a086a in insert_enter **/src/nvim/edit.c:494:5
    #17 0x55b842095629 in edit **/src/nvim/edit.c:1429:3
    #18 0x55b842aa72be in invoke_edit **/src/nvim/normal.c:6891:7
    #19 0x55b842a745c0 in nv_edit **/src/nvim/normal.c:6868:5
    #20 0x55b842a5e597 in normal_execute **/src/nvim/normal.c:1158:3
    #21 0x55b8430dde4e in state_enter **/src/nvim/state.c:88:26
    #22 0x55b842a3574a in normal_enter **/src/nvim/normal.c:450:3
    #23 0x55b8427d29cc in main **/src/nvim/main.c:569:3
    #24 0x7efe325fe28f  (/usr/lib/libc.so.6+0x2928f)
    #25 0x7efe325fe349 in __libc_start_main (/usr/lib/libc.so.6+0x29349)
    #26 0x55b841bd3dc4 in _start /build/glibc/src/glibc/csu/../sysdeps/x86_64/start.S:115

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (**/build/bin/nvim+0xbf9889) in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType)
==2345286==ABORTING
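The trace above shows `free()` being reached a second time through `fzf_free_pattern` after an error-raising autocommand has already torn the pattern down. The following is an added illustration, not code from telescope-fzf-native or from the reporter, of the defensive pattern that makes such a lifecycle safe: the free routine takes the owner's slot, clears it, and turns any repeated call into a no-op. All names (`pattern_t`, `pattern_new`, `pattern_release`, `teardown_twice`) are hypothetical.

```c
/* Added example (not code from telescope-fzf-native): an error path and a
 * normal teardown path both release the same object, modelling the report.
 * Clearing the owner's slot on free makes the second release harmless.
 * All names here are hypothetical. */
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *text;   /* heap-owned copy of the search pattern */
    size_t len;
} pattern_t;

/* Allocate a pattern object owning a copy of `src`. Returns NULL on failure. */
static pattern_t *pattern_new(const char *src) {
    pattern_t *p = malloc(sizeof *p);
    if (!p) return NULL;
    p->len = strlen(src);
    p->text = malloc(p->len + 1);
    if (!p->text) {
        free(p);
        return NULL;
    }
    memcpy(p->text, src, p->len + 1);
    return p;
}

/* Release through the owner's slot: frees the object, then clears the slot so
 * a later call sees NULL and does nothing. Returns 1 if memory was actually
 * freed, 0 if the call was a no-op. */
static int pattern_release(pattern_t **slot) {
    if (!slot || !*slot) return 0;
    free((*slot)->text);
    free(*slot);
    *slot = NULL;
    return 1;
}

/* Models the two teardown paths from the report: an error handler (the
 * throwing WinLeave autocommand) releases the pattern, and the normal close
 * path releases it again. Returns the number of real frees performed; with
 * slot-clearing release this is exactly 1 no matter how many paths run.
 * Returns -1 if allocation failed. */
static int teardown_twice(const char *src) {
    pattern_t *owner = pattern_new(src);
    if (!owner) return -1;
    int frees = 0;
    frees += pattern_release(&owner);   /* error path frees and nulls the slot */
    frees += pattern_release(&owner);   /* normal teardown: slot is NULL, no-op */
    return frees;
}
```

When the freeing side is reached from Lua over FFI, as in the trace, the same idea applies at the Lua layer: keep the C handle in one owning field, and have the wrapper that calls `fzf_free_pattern` nil that field out so a second teardown finds nothing to free.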

Conni2461 commented 2 years ago

Does this help https://github.com/nvim-telescope/telescope-fzf-native.nvim/pull/72 ?

zeertzjq commented 2 years ago

Yes, this fixed the double free.

Conni2461 commented 2 years ago

thanks for reporting and testing :)