Commit Graph

6587 Commits

Author SHA1 Message Date
zeertzjq
9d7544ac4c vim-patch:9.0.2143: [security]: buffer-overflow in ex_substitute
Problem:  [security]: buffer-overflow in ex_substitute
Solution: clear memory after allocating

When allocating the new_start pointer in ex_substitute() the memory
pointer points to some garbage that the following for loop in
ex_cmds.c:4743 confuses and causes it to accessing the new_start pointer
beyond it's size, leading to a buffer-overlow.

So fix this by using alloc_clear() instead of alloc(), which will
clear the memory by NUL and therefore cause the loop to terminate
correctly.

Reported by @henices, thanks!

closes: vim/vim#13596

abfa13ebe9

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-02 10:41:31 +08:00
zeertzjq
9cc346119b vim-patch:9.0.2142: [security]: stack-buffer-overflow in option callback functions
Problem:  [security]: stack-buffer-overflow in option callback functions
Solution: pass size of errbuf down the call stack, use snprintf()
          instead of sprintf()

We pass the error buffer down to the option callback functions, but in
some parts of the code, we simply use sprintf(buf) to write into the error
buffer, which can overflow.

So let's pass down the length of the error buffer and use sprintf(buf, size)
instead.

Reported by @henices, thanks!

b39b240c38

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-02 10:41:31 +08:00
zeertzjq
01edcd6db8 vim-patch:9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Problem:  [security]: buffer-overflow in suggest_trie_walk
Solution: Check n before using it as index into byts array

Basically, n as an index into the byts array, can point to beyond the byts
array. So let's double check, that n is within the expected range after
incrementing it from sp->ts_curi and bail out if it would be invalid.

Reported by @henices, thanks!

0fb375aae6

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-02 10:41:31 +08:00
zeertzjq
7402655132 vim-patch:9.0.2140: [security]: use-after-free in win-enter
Problem:  [security]: use-after-free in win-enter
Solution: validate window pointer before calling win_enter()

win_goto() may stop visual mode, if it is active. However, this may in
turn trigger the ModeChanged autocommand, which could potentially free
the wp pointer which was valid before now became stale and points to now
freed memory.

So before calling win_enter(), let's verify one more time, that the
wp pointer still points to a valid window structure.

Reported by @henices, thanks!

eec0c2b3a4

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-02 10:41:31 +08:00
zeertzjq
387c5ba3de
revert: "memory: Free buffers after freeing variables" (#26356)
This reverts commit fe30d8ccef.

The original commit intends to prevent heap-use-after-free with EXITFREE
caused by changedtick_di, which is no longer a problem.

Freeing buffers after freeing variables will cause heap-use-after-free
with EXITFREE when a partial is used as prompt callback.
2023-12-02 09:55:11 +08:00
zeertzjq
fedbf32250
vim-patch:9.0.2139: html.angular ft is problematic (#26357)
Problem:  html.angular ft is problematic
Solution: partly revert v9.0.2137

The html.angular filetype causes issues and does not trigger FileType
autocommands for the html or angular filetypes.

So let's roll back that particular change and detect this only as html
file

related: https://github.com/vim/vim/pull/13594#issuecomment-1834465890

closes: vim/vim#13604

4f3480c943

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-02 09:42:16 +08:00
zeertzjq
548f03c66c
refactor: change event_create() to a macro (#26343)
A varargs functions can never be inlined, so a macro is faster.
2023-12-01 15:22:22 +08:00
zeertzjq
130cb4815a
fix(api): use a conditional stack for nvim_cmd (#26341) 2023-12-01 13:56:04 +08:00
ObserverOfTime
307d5bcc79 vim-patch:9.0.2137: Can't detect angular & mustache filetypes
Problem:  Can't detect angular & mustache filetypes
Solution: Detect *.mustache as Mustache filetype;
          detect *.component.html as html.angular filetype

closes: vim/vim#13594

7bed263c34
2023-11-30 18:40:27 +01:00
Gregory Anders
884a83049b
fix(tui): grow termkey's internal buffer for large escape sequences (#26309)
Some escape sequences (in particular, OSC 52 paste responses) can be
very large, even unbounded in length. These can easily overflow
termkey's internal buffer. In order to process these long sequences,
dynamically grow termkey's internal buffer.
2023-11-30 08:04:33 -06:00
bfredl
3b6dd8608d
Merge pull request #23657 from luukvbaal/extmark
fix(extmark): restore extmarks when completing original text
2023-11-30 11:48:16 +01:00
zeertzjq
85be914879
test: unskip more terminal tests on Windows (#26315) 2023-11-30 10:55:21 +08:00
zeertzjq
62dff43947
test(ex_terminal_spec): match descriptions (#26314) 2023-11-30 08:56:21 +08:00
zeertzjq
90b213990f test: :terminal when 'shell' uses backslashes 2023-11-30 07:32:28 +08:00
zeertzjq
73691b6c3d
test(ex_terminal_spec): unskip tests that work on Windows (#26310) 2023-11-30 07:06:23 +08:00
Luuk van Baal
8e97edb93f fix(extmark): restore extmarks when completing original text 2023-11-29 23:38:27 +01:00
zeertzjq
a6cba103ce
refactor: move some constants out of vim_defs.h (#26298) 2023-11-29 20:32:40 +08:00
Luuk van Baal
f4001d27ef perf(column): only invalidate lines affected by added sign 2023-11-29 10:17:15 +00:00
bfredl
584c6c25cc
Merge pull request #26292 from luukvbaal/decor
fix(decorations): do not apply sign highlight id as range attr id
2023-11-29 11:12:25 +01:00
zeertzjq
640680ccce
vim-patch:9.0.2134: ml_get error when scrolling (#26264)
Problem:  ml_get error when scrolling after delete
Solution: mark topline to be validated in main_loop
          if it is larger than current buffers line
          count

reset_lnums() is called after e.g. TextChanged autocommands and it may
accidentally cause curwin->w_topline to become invalid, e.g. if the
autocommand has deleted some lines.

So verify that curwin->w_topline points to a valid line and if not, mark
the window to have w_topline recalculated in main_loop() in
update_topline() after reset_lnums() returns.

fixes: vim/vim#13568
fixes: vim/vim#13578

c4ffeddfe5

The error doesn't happen in Nvim because Nvim triggers TextChanged after
calling update_topline().

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-29 13:24:24 +08:00
Luuk van Baal
a0e9ef09d7 fix(decorations): do not apply sign highlight id as range attr id 2023-11-29 03:57:23 +01:00
zeertzjq
aa9d9cafd0
vim-patch:9.0.2135: No test for mode() when executing Ex commands (#26282)
Problem:  No test for mode() when executing Ex commands
Solution: Add some test cases and simplify several other test cases.
          Also add a few more test cases for ModeChanged.

closes: vim/vim#13588

fcaeb3d42b
2023-11-29 06:51:00 +08:00
dundargoc
79b6ff28ad refactor: fix headers with IWYU 2023-11-28 22:23:56 +01:00
Luuk van Baal
35cec0de4a fix(column): redraw and update signcols for paired extmark
Problem:  Signcolumn width does not increase when ranged sign does not
          start at sentinel line.
Solution: Handle paired range of added sign when checking signcols.
2023-11-28 16:44:20 +00:00
bfredl
ba564442ae
Merge pull request #26249 from bfredl/concealchar
feat(decoration): allow conceal_char to be a composing char
2023-11-28 11:01:21 +01:00
bfredl
ae3685798d feat(decoration): allow conceal_char to be a composing char
decor->text.str pointer must go. This removes it for conceal char,
in preparation for a larger PR which will also handle the sign case.

By actually allowing composing chars for a conceal chars, this
becomes a feature and not just a refactor, as a bonus.
2023-11-28 10:35:25 +01:00
zeertzjq
e6d38c7dac
vim-patch:9.0.2133: Cannot detect overstrike mode in Cmdline mode (#26263)
Problem:  Cannot detect overstrike mode in Cmdline mode
Solution: Make mode() return "cr" for overstrike

closes: vim/vim#13569

d1c3ef1f47
2023-11-28 11:46:20 +08:00
Christian Clason
a314703cf1
vim-patch:9.0.2131: not all nushell files detected (#26260)
Problem:  not all nushell files detected
Solution: use *.nu to detect nushell files

closes: vim/vim#13586

b9efc72c24

Co-authored-by: Daniel Buch Hansen <boogiewasthere@gmail.com>
2023-11-28 07:58:31 +08:00
Dmytro Soltys
72ed99319d fix(treesitter): don't invalidate parser when discovering injections
When parsing with a range, languagetree looks up injections and adds
them if needed. This explicitly invalidates parser, making `is_valid`
report `false` both when including and excluding children.

This is an attempt to describe desired behaviour of `is_valid` in tests,
with what ended up being a single line change to satisfy them.
2023-11-27 15:53:26 +01:00
zeertzjq
a03bd2b878
test: check vim.wait() error message in fast context (#26242) 2023-11-27 18:24:32 +08:00
Lewis Russell
84bbe4b0ca fix(lua): disallow vim.wait() in fast contexts
`vim.wait()` cannot be called in a fast callback since the main loop
cannot be run in that context as it is not reentrant

Fixes #26122
2023-11-27 09:09:21 +00:00
Christian Clason
38e98754a5 vim-patch:9.0.2128: runtime(swig): add syntax and filetype plugins
Add syntax and filetype plugins for SWIG (Simplified Wrapper Interface
Generator) description files.

The default syntax for .i files highlights comments in a reverse
color scheme which doesn't look well.  This syntax builds
on vim's c++ syntax by adding highlighting for common swig
directives and user defined directives.  For an alternative
syntax, see vimscript vim/vim#1247 (which I found after writing this).

closes: vim/vim#13562

2e31065a65

Co-authored-by: Julien Marrec <julien.marrec@gmail.com>
Co-authored-by: Matěj Cepl <mcepl@cepl.eu>
2023-11-26 00:41:59 +01:00
James McCoy
0da62b579f
Merge pull request #26203 from jamessan/swapfile-test-fix
fix(oldtest): always use a 64-bit int for swapfile block number
2023-11-25 07:08:27 -05:00
luukvbaal
6a2a37b1e1
fix(mouse): avoid dragging when clicking next to popupmenu (#26201) 2023-11-25 07:10:19 +08:00
James McCoy
a1ded1b113
fix(oldtest): always use a 64-bit int for swapfile block number
09d4133 changed blocknr_T from long to int64_t, so pe_bnum is now always 64-bit.  This was an incompatible change in the swapfile format for 32-bit systems, but there have been no complaints in the past 9 years so just adjust the test.
2023-11-24 15:22:00 -05:00
zeertzjq
55dbf5c379
fix(messages): validate msg_grid before using msg_grid_pos (#26189) 2023-11-24 10:44:19 +08:00
luukvbaal
a8a93e517f
fix(mouse): avoid dragging after click label popupmenu callback (#26187) 2023-11-24 09:15:50 +08:00
zeertzjq
fe94e04893
vim-patch:9.0.2126: unused assignments when checking 'listchars' (#26182)
Problem:  Unused assignments when checking the value of 'listchars'.
Solution: Loop only once when just checking the value.  Add a test to
          check that this change doesn't cause double-free.

closes: vim/vim#13559

00624a2fa0
2023-11-24 06:52:50 +08:00
zeertzjq
9510346141
vim-patch:9.0.2125: File info disappears when 'cmdheight' has decreased (#26180)
Problem:  File info disappears immediately when 'cmdheight' has just
          decreased due to switching tabpage and 'shortmess' doesn't
          contain 'o' or 'O'.
Solution: Make sure msg_row isn't smaller than cmdline_row.

fixes: vim/vim#13560
closes: vim/vim#13561

40ed6711bd
2023-11-24 06:13:24 +08:00
Luuk van Baal
df399ea0d2 fix(column): reset decor state before starting from top 2023-11-23 16:27:17 +00:00
zeertzjq
b514edcdf4
test: remove the pipe created by new_pipename() (#26173) 2023-11-23 23:05:52 +08:00
luukvbaal
c126a3756a
fix(column): apply numhl signs when 'signcolumn' is "no" (#26167) 2023-11-23 19:58:17 +08:00
zeertzjq
8d8136bfcf vim-patch:9.0.2121: [security]: use-after-free in ex_substitute
Problem:  [security]: use-after-free in ex_substitute
Solution: always allocate memory

closes: vim/vim#13552

A recursive :substitute command could cause a heap-use-after free in Vim
(CVE-2023-48706).

The whole reproducible test is a bit tricky, I can only reproduce this
reliably when no previous substitution command has been used yet
(which is the reason, the test needs to run as first one in the
test_substitute.vim file) and as a combination of the `:~` command
together with a :s command that contains the special substitution atom `~\=`
which will make use of a sub-replace special atom and calls a vim script
function.

There was a comment in the existing :s code, that already makes the
`sub` variable allocate memory so that a recursive :s call won't be able
to cause any issues here, so this was known as a potential problem
already.  But for the current test-case that one does not work, because
the substitution does not start with `\=` but with `~\=` (and since
there does not yet exist a previous substitution atom, Vim will simply
increment the `sub` pointer (which then was not allocated dynamically)
and later one happily use a sub-replace special expression (which could
then free the `sub` var).

The following commit fixes this, by making the sub var always using
allocated memory, which also means we need to free the pointer whenever
we leave the function. Since sub is now always an allocated variable,
we also do no longer need the sub_copy variable anymore, since this one
was used to indicated when sub pointed to allocated memory (and had
therefore to be freed on exit) and when not.

Github Security Advisory:
https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q

26c11c5688

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-23 16:17:37 +08:00
Luuk van Baal
c249058758 feat(extmarks): add sign name to extmark "details" array
Problem:  Unable to identify legacy signs when fetching extmarks with
          `nvim_buf_get_extmarks()`.
Solution: Add "sign_name" to the extmark detail array.

Add some misc. changes as follow-up to #25724
2023-11-22 12:43:59 +01:00
bfredl
fba17d5b88 fix(decorations): fix imbalanced sign count 2023-11-22 11:41:47 +01:00
bfredl
0b38fe4dbb refactor(decorations): break up Decoration struct into smaller pieces
Remove the monolithic Decoration struct. Before this change, each extmark
could either represent just a hl_id + priority value as a inline
decoration, or it would take a pointer to this monolitic 112 byte struct
which has to be allocated.

This change separates the decorations into two pieces: DecorSignHighlight
for signs, highlights and simple set-flag decorations (like spell,
ui-watched), and DecorVirtText for virtual text and lines.

The main separation here is whether they are expected to allocate more
memory. Currently this is not really true as sign text has to be an
allocated string, but the plan is to get rid of this eventually (it can
just be an array of two schar_T:s). Further refactors are expected to
improve the representation of each decoration kind individually. The
goal of this particular PR is to get things started by cutting the
Gordian knot which was the monolithic struct Decoration.

Now, each extmark can either contain chained indicies/pointers to
these kinds of objects, or it can fit a subset of DecorSignHighlight
inline.

The point of this change is not only to make decorations smaller in
memory. In fact, the main motivation is to later allow them to grow
_larger_, but on a dynamic, on demand fashion. As a simple example, it
would be possible to augment highlights to take a list of multiple
`hl_group`:s, which then would trivially map to a chain of multiple
DecorSignHighlight entries.

One small feature improvement included with this refactor itself, is
that the restriction that extmarks cannot be removed inside a decoration
provider has been lifted. These are instead safely lifetime extended
on a "to free" list until the current iteration of screen drawing is done.

NB: flags is a mess. but DecorLevel is useless, this slightly less so
2023-11-22 09:28:54 +01:00
Bara C. Tudor
91ef26dece
fix(messages): :map output with ext_messages (#26126) 2023-11-22 09:50:28 +08:00
zeertzjq
fec5e3ab24
fix(vim.region): handle multibyte inclusive selection properly (#26129) 2023-11-21 14:25:45 +08:00
luukvbaal
d667e0e414
vim-patch:9.0.2116: No test for defining sign without attribute (#26115)
Problem:  No test for defining sign without attribute
Solution: Add test for defining sign without attributes

closes: vim/vim#13544

e670d17342
2023-11-20 10:25:14 +08:00
Mathias Fußenegger
7ca2d64e8b
test: skip failing watch file tests on freebsd (#26110)
Quick fix as follow up to https://github.com/neovim/neovim/pull/26108

kqueue only reports events on a watched folder itself, not for files
created or deleted within. So the approach the PR took doesn't work on FreeBSD.

We'll either need to bring back polling for it, combine watching with manual
file tracking, or disable LSP file watching on FreeBSD
2023-11-19 18:37:49 +01:00