From: Dante Catalfamo <dante@lambda.cx>
Subject: mg: prevet crash with invalid compile buffer
To: "tech@openbsd.org" <tech@openbsd.org>
Date: Sat, 27 Jul 2024 17:10:09 -0400

Hello tech@,

There is a bug in mg that will cause a crash if you call `next-error`
after deleting the compile window or compile buffer. You can easily
replicate the issue by calling `grep`, changing the buffer in the
completion window, and calling `next-error`.

This patch will check if the completion buffer and window are still
valid before attempting to read from them.

Thanks

diff --git a/usr.bin/mg/grep.c b/usr.bin/mg/grep.c
index aa7f9dfd8..b6db138d3 100644
--- a/usr.bin/mg/grep.c
+++ b/usr.bin/mg/grep.c
@@ -21,6 +21,7 @@
 
 int	 globalwd = FALSE;
 static int	 compile_goto_error(int, int);
+int		 valid_compile_buffer(void);
 int		 next_error(int, int);
 static int	 grep(int, int);
 static int	 gid(int, int);
@@ -318,9 +319,47 @@ fail:
 }
 
 int
-next_error(int f, int n)
+valid_compile_buffer(void)
 {
+	struct mgwin *wp;
+	struct buffer *bp;
+	int win_found, buffer_found;
+
 	if (compile_win == NULL || compile_buffer == NULL) {
+		return (FALSE);
+	}
+
+	win_found = buffer_found = 0;
+
+	for (wp = wheadp; wp != NULL; wp = wp->w_wndp) {
+		if (compile_win == wp)
+			win_found = 1;
+	}
+	if (!win_found) {
+		compile_win = NULL;
+		return (FALSE);
+	}
+
+	for (bp = bheadp; bp != NULL; bp = bp->b_bufp) {
+		if (compile_buffer == bp)
+			buffer_found = 1;
+	}
+	if (!buffer_found) {
+		compile_buffer = NULL;
+		return (FALSE);
+	}
+
+	if (compile_win->w_bufp != compile_buffer)
+		return (FALSE);
+
+	return (TRUE);
+}
+
+
+int
+next_error(int f, int n)
+{
+    if (!valid_compile_buffer()) {
 		dobeep();
 		ewprintf("No compilation active");
 		return (FALSE);