Problem: [security]: use-after-free in check_argument_type
Solution: Reset function type pointer when freeing the function type
list
function pointer fp->uf_func_type may point to the same memory, that was
allocated for fp->uf_type_list. However, when cleaning up a function
definition (e.g. because it was invalid), fp->uf_type_list will be
freed, but fp->uf_func_type may still point to the same (now) invalid
memory address.
So when freeing the fp->uf_type_list, check if fp->func_type points to
any of those types and if it does, reset the fp->uf_func_type pointer to
the t_func_any (default) type pointer
closes: vim/vim#13652
0f28791b21
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: use-after-free in exec_instructions()
Solution: get tv pointer again
[security]: use-after-free in exec_instructions()
exec_instructions may access freed memory, if the GA_GROWS_FAILS()
re-allocates memory. When this happens, the typval tv may still point to
now already freed memory. So let's get that pointer again and compare it
with tv. If those two pointers differ, tv is now invalid and we have to
refresh the tv pointer.
closes: vim/vim#13621
5dd41d4b63
Co-authored-by: Christian Brabandt <cb@256bit.org>
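The stale-pointer condition described in the exec_instructions() message above, as an added example that is not code from Vim or Neovim: a pointer taken into a growable array is re-derived after the array grows. The types tv_T and stack_T and the functions stack_grow() and dup_item() are hypothetical stand-ins, not Vim's growarray API.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for a typval and a growable stack; not Vim's types. */
typedef struct { int v_type; long v_number; } tv_T;
typedef struct { tv_T *data; int len; int cap; } stack_T;

/* Make room for n more items; growth moves the array to a new block. */
static int stack_grow(stack_T *st, int n)
{
    int ncap = st->len + n;
    if (ncap <= st->cap)
        return 0;
    tv_T *nd = malloc((size_t)ncap * sizeof *nd);
    if (nd == NULL)
        return -1;
    if (st->len > 0)
        memcpy(nd, st->data, (size_t)st->len * sizeof *nd);
    free(st->data);                 /* pointers into the old block are now dangling */
    st->data = nd;
    st->cap = ncap;
    return 0;
}

/* Push a copy of item idx. *was_stale is set to 1 when the pointer taken
 * before the grow no longer matches the array afterwards. */
static int dup_item(stack_T *st, int idx, int *was_stale)
{
    tv_T *tv = &st->data[idx];
    uintptr_t before = (uintptr_t)tv;   /* keep the old address as an integer */
    if (stack_grow(st, 1) < 0)
        return -1;
    tv = &st->data[idx];                /* get the pointer again */
    *was_stale = ((uintptr_t)tv != before);
    st->data[st->len++] = *tv;          /* read only through the refreshed pointer */
    return 0;
}

int main(void)
{
    stack_T st = { calloc(1, sizeof(tv_T)), 1, 1 };
    int stale = 0;
    if (st.data != NULL && dup_item(&st, 0, &stale) == 0)
        printf("stale=%d len=%d\n", stale, st.len);
    free(st.data);
    return 0;
}
```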
Problem: Coverity warning in cstrncmp()
(after v9.1.0645)
Solution: Change the type of n2 to int.
(zeertzjq)
________________________________________________________________________________________________________
*** CID 1615684: Integer handling issues (INTEGER_OVERFLOW)
/src/regexp.c: 1757 in cstrncmp()
1751 n1 -= mb_ptr2len(s1);
1752 MB_PTR_ADV(p);
1753 n2++;
1754 }
1755 // count the number of bytes to advance the same number of chars for s2
1756 p = s2;
>>> CID 1615684: Integer handling issues (INTEGER_OVERFLOW)
>>> Expression "n2--", which is equal to 18446744073709551615, where "n2" is known to be equal to 0, underflows the type that receives it, an unsigned integer 64 bits wide.
1757 while (n2-- > 0 && *p != NUL)
1758 MB_PTR_ADV(p);
1759
1760 n2 = p - s2;
1761
1762 result = MB_STRNICMP2(s1, s2, *n, n2);
closes: vim/vim#15409
e8feaa354e
`buf.code_action` always included diagnostics on a given line from all
clients. Servers should only receive diagnostics they published, and in
the exact same format they sent it.
Should fix https://github.com/neovim/neovim/issues/29500
inotifywait man page specifies:
The file must be specified with a relative or absolute path according to whether a relative or absolute path is given for watched directories.
So it would only work this way in case the path is relative (which at least for gopls it is not)
- Prefix all global variables with "g:".
- Add spaces around each variable assignment operator.
- Remove extraneous whitespace characters.
- Remove a spurious _serializable_ Java keyword (since v1.1,
java.io.Serializable and java.io.Externalizable interfaces
provide an API for object serialization; see vim-6-0j).
- Normalise the syntax definition argument order by making
_contained_ the first argument of each such definition.
- Normalise the argument tabulation for highlighting group
definitions.
Reference:
https://web.archive.org/web/20010821025330/java.sun.com/docs/books/jls/first_edition/html/1.1Update.html
related: vim/vim#15399
9aabcef1c8
Co-authored-by: Aliaksei Budavei <0x000c70@gmail.com>
- Reword a few sentences and reformat a few paragraphs.
- Supply absent capitalisation and punctuation.
- Make listed highlighting groups and code stand out.
- Prefix all Java-related global variables with "g:".
- Add spaces around each variable assignment operator.
- Acknowledge that some Javadoc variables are maintained in
the HTML syntax file.
Also, move the overridable _default_ HTML group links before
the HTML syntax file inclusion in order to implement the
documented diverged settings.
related: vim/vim#15399
3749dff093
Co-authored-by: Aliaksei Budavei <0x000c70@gmail.com>
Problem: Cannot use an autoload function from a package under start.
Solution: Also look in the "start" package directory. (Bjorn Linse,
closes vim/vim#7193)
223a950a85
Nvim already does this in do_in_cached_path(), and this change has no
effect in Nvim as Nvim removes DIP_START after do_in_cached_path().
Accidentally failed to mark as ported:
vim-patch:8.2.1731: Vim9: cannot use += to append to empty NULL list
Co-authored-by: bfredl <bjorn.linse@gmail.com>
Problem: eval5() and eval7 are too complex
Solution: Refactor eval5() and eval7() in eval.c
(Yegappan Lakshmanan)
closes: vim/vim#14900
734286e4c6
Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
- Make diff colors more accessible, Green for added, Red for deleted, Blue for Changed
- Change Search to blue to be visible with Diff colors
- Change Todo to bright magenta
closes: vim/vim#15400
d88ebcbd9f
Co-authored-by: Maxim Kim <habamax@gmail.com>
- Add PmenuMatch and PmenuMatchSel to all colorschemes
- Add contrast to habamax Type, String, Constant and PreProc
- Change habamax PmenuSel to neutral gray to make PmenuMatchSel more visible
- Change habamax Tabline and VertSplit
- Make Conceal less visible for zellner, torte, shine, ron, peachpuff,
pablo, morning, koehler, evening, delek, blue, darkblue, lunaperche,
retrobox
- Add Added/Changed/Removed highlights
- Fix retrobox Terminal background
- Other minor fixes and improvements
closes: vim/vim#15267
fcc53461d4
Co-authored-by: Maxim Kim <habamax@gmail.com>
Problem:
Some language servers (e.g., rust-analyzer, texlab) are desynced when
the user deletes the entire contents of the buffer. This is due to the
discrepancy between how nvim computes diff and how nvim treats empty
buffer.
* diff: If the buffer became empty, then the diff includes the last
line's eol.
* empty buffer: Even if the buffer is empty, nvim regards it as having
a single empty line with eol.
Solution:
Add special case for diff computation when the buffer becomes empty so
that it does not include the eol of the last line.
Problem: CompletionItem in lsp spec mentioned the deprecated attribute
Solution: when item has deprecated attribute set hl_group to DiagnosticDeprecated
in complete function
Problem:
`'scrollbind'` does not work properly if the window being scrolled
automatically contains any filler/virtual lines (except for diff filler
lines).
This is because when the scrollbind check is done, the logic only
considers changes to topline which are represented as line numbers.
Solution:
Write the logic for determining the scroll amount to take into account
filler/virtual lines.
Fixes #29751
Problem: Coverity warning after 9.1.0440
Solution: Fix Coverity warning, add a test and
reduce the calls to clear_tv()
(Yegappan Lakshmanan).
closes: vim/vim#14845
dbac0da631
Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Problem: eval.c not sufficiently tested
Solution: Add a few more additional tests for eval.c,
(Yegappan Lakshmanan)
closes: vim/vim#14799
4776e64e72
Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Problem: Some functions are not tested
Solution: Add a few more tests, fix a few minor problems
(Yegappan Lakshmanan)
closes: vim/vim#14789
fe424d13ef
Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Problem: Cannot use a method with a complex expression.
Solution: Evaluate the expression after "->" and use the result.
c665dabdf4
Cherry-pick a "verbose" check from patch 8.2.4123.
N/A patches for version.c:
vim-patch:8.2.4102: Vim9: import cannot be used after method
vim-patch:8.2.4110: Coverity warns for using NULL pointer
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: Vim9: cannot use += to append to empty NULL list.
Solution: Copy the list instead of extending it. (closes vim/vim#6998)
81ed496048
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: regex: wrong match when searching multi-byte char
case-insensitive (diffsetter)
Solution: Apply proper case-folding for characters and search-string
This patch does the following 4 things:
1) When the regexp engine compares two utf-8 codepoints case
insensitive it may match an adjacent character, because it assumes
it can step over as many bytes as the pattern contains.
This however is not necessarily true because of case-folding, a
multi-byte UTF-8 character can be considered equal to some
single-byte value.
Let's consider the pattern 'ſ' and the string 's'. When comparing and
ignoring case, the single character 's' matches, and since it matches
Vim will try to step over the match (by the amount of bytes of the
pattern), assuming that since it matches, the length of both strings is
the same.
However in that case, it should only step over the single byte value
's' by 1 byte and try to start matching after it again. So for the
backtracking engine we need to ensure:
* we try to match the correct length for the pattern and the text
* in case of a match, we step over it correctly
There is one tricky thing for the backtracking engine. We also need to
calculate correctly the number of bytes to compare the 2 different
utf-8 strings s1 and s2. So we will count the number of characters in
s1 that the byte len specified. Then we count the number of bytes to
step over the same number of characters in string s2 and then we can
correctly compare the 2 utf-8 strings.
2) A similar thing can happen for the NFA engine, when skipping to the
next character to test for a match. We are skipping over the regstart
pointer, however we do not consider the case that because of
case-folding we may need to adjust the number of bytes to skip over.
So this needs to be adjusted in find_match_text() as well.
3) A related issue turned out, when prog->match_text is actually empty.
In that case we should try to find the next match and skip this
condition.
4) When comparing characters using collections, we must also apply case
folding to each character in the collection and not just to the
current character from the search string. This doesn't apply to the
NFA engine, because internally it converts collections to branches
[abc] -> a\|b\|c
fixes: vim/vim#14294
closes: vim/vim#14756
22e8e12d9f
N/A patches:
vim-patch:9.0.1771: regex: combining chars in collections not handled
vim-patch:9.0.1777: patch 9.0.1771 causes problems
Co-authored-by: Christian Brabandt <cb@256bit.org>
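The character/byte counting from item 1 of the message above, which is also the loop the Coverity report for cstrncmp() points at, as an added example that is not the Vim source: count the characters in the first n1 bytes of s1, then count the bytes that span the same number of characters in s2. The helpers utf8_len(), next_char() and bytes_for_same_chars() are hypothetical, and the counter is a signed int so the post-decrement at 0 cannot wrap.

```c
#include <stdio.h>

/* Byte length of the UTF-8 sequence starting at lead byte c (1 for an
 * invalid lead byte, so scanning always advances). */
static int utf8_len(unsigned char c)
{
    if (c < 0x80) return 1;
    if ((c & 0xE0) == 0xC0) return 2;
    if ((c & 0xF0) == 0xE0) return 3;
    if ((c & 0xF8) == 0xF0) return 4;
    return 1;
}

/* Advance over one character without running past the terminating NUL. */
static const char *next_char(const char *p)
{
    int l = utf8_len((unsigned char)*p);
    while (l-- > 0 && *p != '\0')
        p++;
    return p;
}

/* Return how many bytes of s2 cover the same number of characters as the
 * first n1 bytes of s1. With an unsigned counter, "nchars-- > 0" at 0 would
 * wrap to the type's maximum; a signed int just becomes -1. */
static int bytes_for_same_chars(const char *s1, int n1, const char *s2)
{
    const char *p = s1;
    int nchars = 0;
    while (n1 > 0 && *p != '\0') {
        const char *q = next_char(p);
        n1 -= (int)(q - p);
        p = q;
        nchars++;
    }
    p = s2;
    while (nchars-- > 0 && *p != '\0')
        p = next_char(p);
    return (int)(p - s2);
}

int main(void)
{
    /* Constructed input: U+017F (bytes C5 BF) as the pattern, "s" as the text. */
    printf("%d\n", bytes_for_same_chars("\xC5\xBF", 2, "s"));
    return 0;
}
```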
Problem: Illegal memory access when pattern starts with illegal byte.
Solution: Do not match a character with an illegal byte.
f50940531d
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: Opening a zipfile from HTTP gives an empty buffer.
Solution: Ensure that the magic bytes check does not
skip protocol processing.
Also use readblob() and remove commented out lines.
closes: vim/vim#15396
c4be066817
Co-authored-by: Damien <141588647+xrandomname@users.noreply.github.com>
Problem:
Variables are often assigned in multiple places in common patterns.
Solution:
Replace these common patterns with different patterns that reduce the
number of assignments.
Use `MAX` and `MIN`:
```c
if (x < y) {
x = y;
}
// -->
x = MAX(x, y);
```
```c
if (x > y) {
x = y;
}
// -->
x = MIN(x, y);
```
Use ternary:
```c
int a;
if (cond) {
a = b;
} else {
a = c;
}
// -->
int a = cond ? b : c;
```
Problem: Cannot use items() on a string.
Solution: Make items() work on a string. (closes vim/vim#11016)
3e518a8ec7
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: items() does not work on a list. (Sergey Vlasov)
Solution: Make items() work on a list. (closes vim/vim#11013)
976f859763
Skip CHECK_LIST_MATERIALIZE.
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: Check that mapping rhs starts with lhs doesn't work if lhs is
not simplified.
Solution: Keep track of the mapblock containing the alternative lhs and
also compare with it (zeertzjq).
fixes: vim/vim#15376
closes: vim/vim#15384
9d997addc7
Cherry-pick removal of save_m_str from patch 8.2.4059.