patch 8.2.3063: crash when switching 'cryptmethod' to xchaha20 with undo file

brammool · brammool · commit 65aee0b714e8 · 2021-06-27T14:08:24.000+02:00
Problem:    Crash when switching 'cryptmethod' to xchaha20 with an existing
            undo file. (Martin Tournoij)
Solution:   Disable reading undo file when decoding can't be done inplace.
            (issue #8467)
diff --git a/src/bufwrite.c b/src/bufwrite.c
@@ -494,14 +494,16 @@ buf_write_bytes(struct bw_info *ip)
 	if (crypt_works_inplace(ip->bw_buffer->b_cryptstate))
 	{
 # endif
-	    crypt_encode_inplace(ip->bw_buffer->b_cryptstate, buf, len, ip->bw_finish);
+	    crypt_encode_inplace(ip->bw_buffer->b_cryptstate, buf, len,
+								ip->bw_finish);
 # ifdef CRYPT_NOT_INPLACE
 	}
 	else
 	{
 	    char_u *outbuf;
 
-	    len = crypt_encode_alloc(curbuf->b_cryptstate, buf, len, &outbuf, ip->bw_finish);
+	    len = crypt_encode_alloc(curbuf->b_cryptstate, buf, len, &outbuf,
+								ip->bw_finish);
 	    if (len == 0)
 		return OK;  // Crypt layer is buffering, will flush later.
 	    wlen = write_eintr(ip->bw_fd, outbuf, len);
@@ -1980,10 +1982,18 @@ buf_write(
 	write_info.bw_start_lnum = start;
 
 #ifdef FEAT_PERSISTENT_UNDO
+	// TODO: if the selected crypt method prevents the undo file from being
+	// written, and existing undo file should be deleted.
 	write_undo_file = (buf->b_p_udf
 			    && overwriting
 			    && !append
 			    && !filtering
+# ifdef CRYPT_NOT_INPLACE
+			    // writing undo file requires
+			    // crypt_encode_inplace()
+			    && (curbuf->b_cryptstate == NULL
+				|| crypt_works_inplace(curbuf->b_cryptstate))
+# endif
 			    && reset_changed
 			    && !checking_conversion);
 	if (write_undo_file)
diff --git a/src/fileio.c b/src/fileio.c
@@ -1298,9 +1298,17 @@ readfile(
 		 * At start of file: Check for magic number of encryption.
 		 */
 		if (filesize == 0 && size > 0)
+		{
 		    cryptkey = check_for_cryptkey(cryptkey, ptr, &size,
 						  &filesize, newfile, sfname,
 						  &did_ask_for_key);
+# ifdef CRYPT_NOT_INPLACE
+		    if (curbuf->b_cryptstate != NULL
+				 && !crypt_works_inplace(curbuf->b_cryptstate))
+			// reading undo file requires crypt_decode_inplace()
+			read_undo_file = FALSE;
+# endif
+		}
 		/*
 		 * Decrypt the read bytes.  This is done before checking for
 		 * EOF because the crypt layer may be buffering.
diff --git a/src/version.c b/src/version.c
@@ -755,6 +755,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    3063,
 /**/
     3062,
 /**/
