Crash when moving cursor in Ex Command Menu

Question

Crash when moving cursor in Ex Command Menu

GChicha opened this issue 5 years ago · 1 comments

I made a test to reproduce the error described in onivim/oni2#1554

  describe("CommandLineError", ({test, _}) =>
    test("simple command line", ({expect}) => {
      let _ = reset();
      input(":");
      expect.int(CommandLine.getPosition()).toBe(0);

      input("e");
      expect.int(CommandLine.getPosition()).toBe(1);

      input(" ");
      expect.int(CommandLine.getPosition()).toBe(2);

      input("<Left>");
      expect.int(CommandLine.getPosition()).toBe(1);

      expect.int(Array.length(CommandLine.getCompletions())).toBe(20);
    })
  );

The output got from previous test is the following

SUMMARY: AddressSanitizer: negative-size-param /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cc:476 in __interceptor_strncpy

I will try to submit a PR if I manage to solve

Answer 1 · 2020-04-05T20:59:57.000Z

I've identified that the error is throwing from libvim, more specifically at

https://github.com/onivim/libvim/blob/da64d8aa23141799cc30f209ef669b708093a0b1/src/ex_getln.c#L5315

For some reason the expand_cmdline function is getting a wrong pattern at xp->xp_pattern, so it can't calculate the right length

https://github.com/onivim/libvim/blob/da64d8aa23141799cc30f209ef669b708093a0b1/src/ex_getln.c#L5485