Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent nvim_buf_get_name frees buf->b_ffname #89

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Prevent nvim_buf_get_name frees buf->b_ffname #89

wants to merge 1 commit into from

Conversation

tony84727
Copy link

@tony84727 tony84727 commented Nov 5, 2022
edited
Loading

nvim_buf_get_name C API doesn't copy memory but return a String with pointer to buf->b_ffname
rust shouldn't free buf->b_ffname

ref:
https://github.com/neovim/neovim/blob/09dffb9db7d16496e55e86f78ab60241533d86f6/src/nvim/api/buffer.c#L1038
https://github.com/neovim/neovim/blob/09dffb9db7d16496e55e86f78ab60241533d86f6/src/nvim/api/private/helpers.c#L403-L408

Reproduce code

use nvim_oxi as oxi;
use oxi::{Dictionary, Function};

#[oxi::module]
fn buffer_name_double_free_sample() -> oxi::Result<Dictionary> {
    Ok(Dictionary::from_iter([(
        "test",
        Function::from_fn(|()| {
            let buffer = oxi::api::get_current_buf();
            let name = buffer.get_name().unwrap();
            oxi::Result::<String>::Ok(String::from(name.to_str().unwrap()))
        }),
    )]))
}

Calling test function returned by the module twice will get a double free error (found on Mac)

@tony84727
prevent nvim_buf_get_name frees buf->b_ffname
468dc02 
nvim_buf_get_name C API doesn't copy memory but return
a String with pointer to buf->b_ffname
rust shouldn't free buf->b_ffname
tony84727
tony84727 commented Nov 5, 2022
View reviewed changes
crates/nvim-api/src/ffi/buffer.rs
@@ -118,8 +109,7 @@ extern "C" {
) -> Array;

// https://github.com/neovim/neovim/blob/master/src/nvim/api/buffer.c#L1086
pub(crate) fn nvim_buf_get_name(buf: BufHandle, err: *mut Error)
-> String;
pub(crate) fn nvim_buf_get_name(buf: BufHandle, err: *mut Error) -> Str;
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This might be a breaking change. Str might need to implement some traits. Maybe by duplicating some code from string.rs
The main different between Str and String is the former doesn't implement custom Drop to drop ffi memory.

@krivahtoo krivahtoo mentioned this pull request Feb 27, 2023
Closed
@noib3 noib3 force-pushed the master branch 3 times, most recently from 0278204 to 6f23cf3 Compare April 1, 2023 17:22
@noib3 noib3 force-pushed the master branch 2 times, most recently from 9e63751 to 3f75ed9 Compare April 5, 2023 22:54
@noib3 noib3 force-pushed the main branch 3 times, most recently from e70b241 to 6124b57 Compare October 11, 2023 13:17
@noib3 noib3 force-pushed the main branch 2 times, most recently from a1882fd to c1a89ca Compare December 15, 2023 12:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tony84727