diff options
| author | Johannes Altmanninger <aclopte@gmail.com> | 2024-04-21 20:18:28 +0200 |
|---|---|---|
| committer | Maxime Coste <mawww@kakoune.org> | 2024-04-27 16:29:57 +1000 |
| commit | aad0c7cef84990595cdb649b679063da9e8cb581 (patch) | |
| tree | 6700854f0f85a92a529203d1f95eb68f943ee52f /src/input_handler.cc | |
| parent | ab2ecf423e49a9797601379bbc5141d7301ac2fb (diff) | |
Don't capture local-scoped faces in prompt
ASan shows that we resolve a face spec owned by a freed stack variable.
=================================================================
==2263300==ERROR: AddressSanitizer: stack-use-after-return on address 0x7a9316c33918 at pc 0x633ea421d8ea bp 0x7ffca001e980 sp 0x7ffca001e970
READ of size 8 at 0x7a9316c33918 thread T0
...
#6 0x633ea421d8e9 in Kakoune::FaceRegistry::resolve_spec(Kakoune::FaceSpec const&) const src/face_registry.cc:128
...
Address 0x7a9316c33918 is located in stack of thread T0 at offset 2328 in frame
#0 0x633ea427a095 in operator() src/commands.cc:2267
This frame has 26 object(s):
[32, 36) '<unknown>'
...
[544, 560) 'disable_hooks' (line 2269)
...
[928, 2432) 'local_scope' (line 2271) <== Memory access at offset 2328 is inside this variable
Diffstat (limited to 'src/input_handler.cc')
| -rw-r--r-- | src/input_handler.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/input_handler.cc b/src/input_handler.cc index e11740c7..99fb684e 100644 --- a/src/input_handler.cc +++ b/src/input_handler.cc @@ -657,7 +657,8 @@ public: : InputMode(input_handler), m_callback(std::move(callback)), m_completer(std::move(completer)), m_prompt(prompt.str()), m_prompt_face(face), m_empty_text{std::move(emptystr)}, - m_line_editor{context().faces()}, m_flags(flags), + // This prompt may outlive local scopes so ignore local faces. + m_line_editor{context().faces(false)}, m_flags(flags), m_was_interactive{not context().noninteractive()}, m_history{RegisterManager::instance()[history_register]}, m_current_history{-1}, |