Resolves#1753.
https://code.google.com/p/vim/source/detail?r=v7-4-399
Reviewed-by: Felipe Oliveira Carvalho <felipekde@gmail.com>
Helped-by: David Bürgin <676c7473@gmail.com>
Helped-by: Scott Prager <splinterofchaos@gmail.com>
Helped-by: Michael Reed <m.reed@mykolab.com>
Helped-by: Felipe Oliveira Carvalho <felipekde@gmail.com>
event_poll() always leaves the libuv I/O loop after one iteration. The
duration for how long the loop polls for I/O is given by the shortest
timeout of all active timers. Is no timer active, I/O is/could be polled
indefinitely.
To make sure our timer is still active when I/O polling begins,
a prepare handle is used to start the timer right before the polling.
But by only using a timer that restarts after its timeout was reached,
we also can assure that polling is done with (nearly) the same finite
timeout.
For a short explanation how the I/O loop is working, see
http://docs.libuv.org/en/latest/design.html#the-i-o-loop.
Problem : Dereference of null pointer @ 1769.
Diagnostic : Real issue.
Rationale : It seems buffer could be null. Not sure, though.
Resolution : Check for buffer null.
This resolution was chosen as it will always work.
But it could be that buffer can't really be null at that
point. autocmd_win is ruled out by close_window, so that
can't be the case. I'm not sure if other windows without
buffers are possible, so leaving it this way.
If it's confirmed buffer can't be null, resolution through
an assert would be possible and this would be FP, not RI.
Problem : Dead initialization @ 1119.
Diagnostic : Real issue.
Rationale : `obj` is immediately assigned another value through
GET_CONFIG_VALUE macro.
Resolution : Don't initialize.
Helped-by: oni-link <knil.ino@gmail.com>
Problem : Dead initialization @ 1109.
Diagnostic : Real issue.
Rationale : `obj` is immediately assigned another value through
GET_CONFIG_VALUE macro.
Resolution : Don't initialize.
Helped-by: oni-link <knil.ino@gmail.com>
Problem : Dereference of null pointer @ 1053.
Diagnostic : Real issue.
Rationale : Branch "Exiting focused terminal" can actually be executed
when term is NULL.
Resolution : Guard branch with term check.
Problem : Use-after-free @ 15081.
Diagnostic : Multithreading issue.
Rationale : `get_dict_callback` can return NULL on two different
cases: 1) when the dict doesn't contain the given key;
this case is not considered an error. 2) when the key
exists but there's some problem with its value; this is
considered an error.
Then, code calling `get_dict_callback` in
`common_job_callbacks`, as well as code calling
`common_job_callbacks`, uses `did_emsg` to distinguish
between error/non-error cases.
Suggested error path presumes an error condition within
`common_job_callbacks`, with `did_emsg` being true, but
then being false just after returning to calling code in
`f_termopen`.
That, clearly, could only happen if another thread run in
between those points.
Resolution : Refactor `get_dict_callback` and `common_job_callbacks`, so
that they clearly distinguish between error/non-error
situations, without recurring to globals.
Problem : Dereference of null pointer @ 10812.
Diagnostic : False positive.
Rationale : `args->lv_first` can't be NULL, as we have just stated
above that that there's at least one item.
Resolution : Assert.
The fallowing test (reduced), submitted by @mhinz may free term->buf,
leaving the pointer dangling.
```vim
let s:buf = -1
function! s:exit_handler()
execute 'bdelete!' s:buf
endfunction
vnew
let s:buf = bufnr('%')
let id = termopen('sleep 1', { 'on_exit': function('s:exit_handler') })
call s:test()
```
When the buffer is known to be closing, set term->buf to NULL, and check
buf_valid() in on_refresh().
Helped-by: Marco Hinz (@mhinz)
Problem: A search with end offset gets stuck at end of file. (Gary Johnson)
Solution: When a search doesn't move the cursor repeat it with a higher
count. (Christian Brabandt)
https://github.com/vim/vim/releases/tag/v7-4-636
The original fix 3db0a40d69
does not work for more than one loop iteration, because memory allocated
in the previous iteration could be reused in the current iteration.
Because expand_wildcards() never reads the variables *num_file
and *file before the first assignment to them, the initial
values for these variables can be anything. So instead of
calling expand_shellcmd() with *file = "" we set *file = NULL.
That should help coverity see, that not a array-typed value
is freed.
Helped-by: Eliseo Martínez <eliseomarmol@gmail.com>
Be more specific in the description of mch_expand_wildcards():
This function will never free memory pointed to by its arguments.
If OK is returned, *file will always point to allocated memory.
*num_file is set to the number of pointers in *file.
If FAIL is returned *file is set to NULL and *num_file to 0.
If gen_expand_wildcards() returns FAIL, no memory allocation in this
function needs to be undone.
If expand_wildcards() returns FAIL, no memory allocation in this
function needs to be undone.
Helped-by: Eliseo Martínez <eliseomarmol@gmail.com>
Helped-by: Michael Reed <m.reed@mykolab.com>
Problem: With some regexp patterns the NFA engine uses many states and
becomes very slow. To the user it looks like Vim freezes.
Solution: When the number of states reaches a limit fall back to the old
engine. (Christian Brabandt)
https://github.com/vim/vim/releases/tag/v7-4-497
Helped-by: David Bürgin <676c7473@gmail.com>
Helped-by: Justin M. Keyes <justinkz@gmail.com>
Helped-by: Scott Prager <splinterofchaos@gmail.com>
Pressing <C-\> and then a mouse click will insert the click into the
terminal as if a keyboard button had been pressed.
Keep track of whether the last input was <C-\> and only call
terminal_send_key() if the next input is a key press.
While in a terminal and insert mode, if an event caused loss of focus,
nvim would stay in the terminal event loop causing an inconsistent view
of internal state and/or segfault.
Remove the "term" argument from terminal_enter() as it only makes sense
to call it with curbuf->terminal. Terminate the loop when switched to a
different buffer.
fixes#2301
This makes :<c-r>* work as expected and
avoids clobbering zero register ("0) when pasting unnamed clipboard
Helped-By: Scott Prager <splinterofchaos@gmail.com>
Helped-By: Michael Reed <m.reed@mykolab.com>
This makes the interpretion consistent with the way newlines are used in
the VIMENC format, while keeping the same fallback behaviour when
regtype is unspecified. Also check both cases explicitly in the tests.
indent/r.vim : change shiftwidth to 2 and minor bug fixes.
indent/rhelp.vim : move the position of the test if the script was already sourced
indent/rmd.vim : minor bug fix
indent/rnoweb.vim : minor bug fix
syntax/r.vim : minor bug fixes and improvement (distinguish = from ==)