mirror of
https://github.com/zed-industries/zed.git
synced 2024-12-25 20:11:49 +03:00
Code at the speed of thought – Zed is a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter.
081e9b9a60
This PR fixes a potential panic that could occur when loading malformed Wasm files. We now use the `parse_wasm_extension_version` function that was previously used just to extract the Zed extension API version from the Wasm bytes as a pre-validation step. By parsing the entirety of the Wasm file here instead of returning as soon as we find the version, the invalid Wasm bytes are now surfaced as an `Err` instead of a panic. We were able to replicate the panic using the following test: ```rs #[gpui::test] async fn test_bad_wasm(cx: &mut TestAppContext) { init_test(cx); let wasm_host = cx.update(|cx| { WasmHost::new( FakeFs::new(cx.background_executor().clone()), FakeHttpClient::with_200_response(), FakeNodeRuntime::new(), Arc::new(LanguageRegistry::test(cx.background_executor().clone())), PathBuf::from("/the/work/dir".to_string()), cx, ) }); let mut wasm_bytes = std::fs::read("/Users/maxdeviant/Library/Application Support/Zed/extensions/installed/dart/extension.wasm").unwrap(); // This is the error message we were seeing in the stack trace: // range end index 267037 out of range for slice of length 253952 dbg!(&wasm_bytes.len()); // Truncate the bytes to the same point: wasm_bytes.truncate(253952); std::fs::write("/tmp/bad-extension.wasm", wasm_bytes.clone()).unwrap(); let manifest = Arc::new(ExtensionManifest { id: "the-extension".into(), name: "The Extension".into(), version: "0.0.1".into(), schema_version: SchemaVersion(1), description: Default::default(), repository: Default::default(), authors: Default::default(), lib: LibManifestEntry { kind: None, version: None, }, themes: Default::default(), languages: Default::default(), grammars: Default::default(), language_servers: Default::default(), }); // 💥 let result = wasm_host .load_extension(wasm_bytes, manifest, cx.executor()) .await; dbg!(result.map(|_| ())); ``` Release Notes: - Fixed a crash that could occur when loading malformed Wasm extensions ([#10352](https://github.com/zed-industries/zed/issues/10352)). --------- Co-authored-by: Max <max@zed.dev> |
||
---|---|---|
.cargo | ||
.config | ||
.github | ||
.zed | ||
assets | ||
crates | ||
docs | ||
extensions | ||
script | ||
tooling/xtask | ||
.dockerignore | ||
.gitattributes | ||
.gitignore | ||
.gitmodules | ||
.mailmap | ||
Cargo.lock | ||
Cargo.toml | ||
CODE_OF_CONDUCT.md | ||
CONTRIBUTING.md | ||
debug.plist | ||
docker-compose.sql | ||
docker-compose.yml | ||
Dockerfile | ||
LICENSE-AGPL | ||
LICENSE-APACHE | ||
LICENSE-GPL | ||
livekit.yaml | ||
Procfile | ||
README.md | ||
rust-toolchain.toml | ||
typos.toml |
Zed
Welcome to Zed, a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter.
Installation
You can download Zed today for macOS (v10.15+).
Support for additional platforms is on our roadmap:
- Linux (tracking issue)
- Windows (tracking issue)
- Web (tracking issue)
For macOS users, you can also install Zed using Homebrew:
brew install zed
Alternatively, to install the Preview release:
brew tap homebrew/cask-versions
brew install zed-preview
Developing Zed
- Building Zed for macOS
- Building Zed for Linux
- Building Zed for Windows
- Running Collaboration Locally
Contributing
See CONTRIBUTING.md for ways you can contribute to Zed.
Licensing
License information for third party dependencies must be correctly provided for CI to pass.
We use cargo-about
to automatically comply with open source licenses. If CI is failing, check the following:
- Is it showing a
no license specified
error for a crate you've created? If so, addpublish = false
under[package]
in your crate's Cargo.toml. - Is the error
failed to satisfy license requirements
for a dependency? If so, first determine what license the project has and whether this system is sufficient to comply with this license's requirements. If you're unsure, ask a lawyer. Once you've verified that this system is acceptable add the license's SPDX identifier to theaccepted
array inscript/licenses/zed-licenses.toml
. - Is
cargo-about
unable to find the license for a dependency? If so, add a clarification field at the end ofscript/licenses/zed-licenses.toml
, as specified in the cargo-about book.