Skip to content

os_stat: return ENOENT on NULL filename arg #7140

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 10, 2017
Merged

os_stat: return ENOENT on NULL filename arg #7140

merged 2 commits into from
Aug 10, 2017

Conversation

justinmk
Copy link
Member

@justinmk justinmk commented Aug 9, 2017

Closes #4370

In the backtrace in #4370, we see that `buf_write()` was called with
non-NULL `fname` and `sfname` arguments, but they've since _become_
NULL.

#7  0x00000000004de09d in buf_write (buf=0x1dee040, fname=0x0, fname@entry=0x1e985b0 "/home/sean/src/github.com/snczl/virta/pkg/meld/segment.go",
                                     sfname=0x0, sfname@entry=0x1ddfa60 "segment.go", start=1, end=72, eap=eap@entry=0x7ffc6b032e60, append=0,
                                     forceit=0, reset_changed=1, filtering=0)
at /home/travis/build/neovim/bot-ci/build/neovim/src/nvim/fileio.c:2576

This is most likely due to the code that restores those values from
`buf`, which happens just before the fatal call to `os_fileinfo`

```c
    /*
     * The autocommands may have changed the name of the buffer, which may
     * be kept in fname, ffname and sfname.
     */
    if (buf_ffname)
      ffname = buf->b_ffname;
    if (buf_sfname)
      sfname = buf->b_sfname;
    if (buf_fname_f)
      fname = buf->b_ffname;
    if (buf_fname_s)
      fname = buf->b_sfname;
```

It's worth noting that at this point `ffname` is still non-NULL, so
it _could_ be used.  However, our current code is purely more strict
than Vim in this area, which has caused us problems before (e.g.,
`getdigits()`).  The commentary for `struct file_buffer` clearly
indicate that all of `b_ffname`, `b_sfname`, and `b_fname` may be
NULL:

```c
  /*
   * b_ffname has the full path of the file (NULL for no name).
   * b_sfname is the name as the user typed it (or NULL).
   * b_fname is the same as b_sfname, unless ":cd" has been done,
   *		then it is the same as b_ffname (NULL for no name).
   */
  char_u      *b_ffname;        /* full path file name */
  char_u      *b_sfname;        /* short file name */
  char_u      *b_fname;         /* current file name */
```

Vim directly calls `stat(2)` which, although it is annotated to tell
the compiler that the path argument is non-NULL, does handle a NULL
pointer by returning a `-1` value and setting `errno` to `EFAULT`.
This satisfies Vim's check, since it treats any `-1` return from
`stat(2)` to mean the file doesn't exist (at least in this code
path).

Note that Vim's mch_stat() implementations on win32 and solaris
clearly cannot accept NULL `name`. But the codepaths that call
mch_stat will NULL `name` tend to be unix-only! For example,
`u_read_undo()`.

@jamessan @justinmk
os_stat: return ENOENT on NULL filename arg
ac055d6 
Closes neovim#4370

Explication:

    In the backtrace in neovim#4370, we see that `buf_write()` was called with
    non-NULL `fname` and `sfname` arguments, but they've since _become_
    NULL.

    neovim#7  0x00000000004de09d in buf_write (buf=0x1dee040, fname=0x0, fname@entry=0x1e985b0 "/home/sean/src/github.com/snczl/virta/pkg/meld/segment.go",
                                         sfname=0x0, sfname@entry=0x1ddfa60 "segment.go", start=1, end=72, eap=eap@entry=0x7ffc6b032e60, append=0,
                                         forceit=0, reset_changed=1, filtering=0)
    at /home/travis/build/neovim/bot-ci/build/neovim/src/nvim/fileio.c:2576

    This is most likely due to the code that restores those values from
    `buf`, which happens just before the fatal call to `os_fileinfo`

    ```c
        /*
         * The autocommands may have changed the name of the buffer, which may
         * be kept in fname, ffname and sfname.
         */
        if (buf_ffname)
          ffname = buf->b_ffname;
        if (buf_sfname)
          sfname = buf->b_sfname;
        if (buf_fname_f)
          fname = buf->b_ffname;
        if (buf_fname_s)
          fname = buf->b_sfname;
    ```

    It's worth noting that at this point `ffname` is still non-NULL, so
    it _could_ be used.  However, our current code is purely more strict
    than Vim in this area, which has caused us problems before (e.g.,
    `getdigits()`).  The commentary for `struct file_buffer` clearly
    indicate that all of `b_ffname`, `b_sfname`, and `b_fname` may be
    NULL:

    ```c
      /*
       * b_ffname has the full path of the file (NULL for no name).
       * b_sfname is the name as the user typed it (or NULL).
       * b_fname is the same as b_sfname, unless ":cd" has been done,
       *		then it is the same as b_ffname (NULL for no name).
       */
      char_u      *b_ffname;        /* full path file name */
      char_u      *b_sfname;        /* short file name */
      char_u      *b_fname;         /* current file name */
    ```

    Vim directly calls `stat(2)` which, although it is annotated to tell
    the compiler that the path argument is non-NULL, does handle a NULL
    pointer by returning a `-1` value and setting `errno` to `EFAULT`.
    This satisfies Vim's check, since it treats any `-1` return from
    `stat(2)` to mean the file doesn't exist (at least in this code
    path).

    Note that Vim's mch_stat() implementations on win32 and solaris
    clearly cannot accept NULL `name`. But the codepaths that call
    mch_stat will NULL `name` tend to be unix-only (eg: u_read_undo)!
@justinmk justinmk force-pushed the os_stat-null branch 2 times, most recently from 817f669 to 0b3305f Compare August 9, 2017 23:48
@justinmk justinmk merged commit de1084f into neovim:master Aug 10, 2017
@justinmk justinmk deleted the os_stat-null branch August 10, 2017 01:59
justinmk added a commit to justinmk/neovim that referenced this pull request Nov 8, 2017
@justinmk
NVIM v0.2.1
c67dd5a 
FEATURES:
0e873a3 Lua(Jit) built-in neovim#4411
5b32bce Windows: `:terminal` neovim#7007
7b0ceb3 UI/API: externalize cmdline neovim#7173
b67f58b UI/API: externalize wildmenu neovim#7454
b23aa1c UI: 'winhighlight' neovim#6597
17531ed UI: command-line coloring (`:help input()-highlight`) neovim#6364
244a1f9 API: execute lua directly from the remote api neovim#6704
45626de API: `get_keymap()` neovim#6236
db99982 API: `nvim_get_hl_by_name()`, `nvim_get_hl_by_id()` neovim#7082
dc68538 menu_get() function neovim#6322
9db42d4 :cquit : take an error code argument neovim#7336
9cc185d job-control: serverstart(): support ipv6 neovim#6680
1b7a9bf job-control: sockopen() neovim#6594
6efe84a clipboard: fallback to tmux clipboard neovim#6894
6016ac2 clipboard: customize clipboard with `g:clipboard` neovim#6030
3a86dd5 ruby: override ruby host via `g:ruby_host_prog` neovim#6841
16cce1a debug: $NVIM_LOG_FILE neovim#6827
0cba3da `:checkhealth` built-in, validates $VIMRUNTIME neovim#7399

FIXES:
105d680 TUI: more terminals, improve scroll/resize neovim#6816
cb912a3 :terminal : handle F1-F12, other keys neovim#7241
619838f inccommand: improve performance neovim#6949
04b3c32 inccommand: Fix matches for zero-width neovim#7487
60b1e8a inccommand: multiline, other fixes neovim#7315
f1f7f3b inccommand: Ignore leading modifiers in the command neovim#6967
1551f71 inccommand: fix 'gdefault' lockup neovim#7262
6338199 API: bufhl: support creating new groups neovim#7414
541dde3 API: allow K_EVENT during operator-pending
8c732f7 terminal: adjust for 'number' neovim#7440
5bec946 UI: preserve wildmenu during jobs/events neovim#7110
c349083 UI: disable 'lazyredraw' during ui_refresh. neovim#6259
51808a2 send FocusGained/FocusLost event instead of pseudokey neovim#7221
133f8bc shada: preserve unnamed register on restart neovim#4700
1b70a1d shada: avoid assertion on corrupt shada file neovim#6958
9f534f3 mksession: Restore tab-local working directory neovim#6859
de1084f fix buf_write() crash neovim#7140
7f76986 syntax: register 'Normal' highlight group neovim#6973
6e7a8c3 RPC: close channel if stream was closed neovim#7081
85f3084 clipboard: disallow recursion; show hint only once neovim#7203
8d1ccb6 clipboard: performance, avoid weird edge-cases neovim#7193
01487d4 'titleold' neovim#7358
01e53a5 Windows: better path-handling, separator (slash) hygiene neovim#7349
0f2873c Windows: multibyte startup arguments neovim#7060

CHANGES:
9ff0cc7 :terminal : start in normal-mode neovim#6808
032b088 lower priority of 'cursorcolumn', 'colorcolumn' neovim#7364
2a3bcd1 RPC: Don't delay notifications when request is pending neovim#6544
023f67c :terminal : Do not change 'number', 'relativenumber' neovim#6796
1ef2d76 socket.c: Disable Nagle's algorithm on TCP sockets neovim#6915
6720fe2 help: `K` tries Vim help instead of manpage neovim#3104
7068370 help, man.vim: change "outline" map to `gO` neovim#7405
@justinmk justinmk mentioned this pull request Nov 8, 2017
Merged
@rcorre rcorre mentioned this pull request Nov 14, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jamessan jamessan jamessan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@justinmk @jamessan