Problem: crash with bt_quickfix1_poc when cleaning up
and EXITFREE is defined
Solution: Test if buffer is valid in a window, else close
window directly, don't try to access buffer properties
While at it, increase the crash timeout slightly, so that CI has a
chance to finish processing the test_crash() test.
623ba31821
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: heap-use-after-free in bt_normal()
Solution: check that buffer is still valid
6e60cf444a
Test change only.
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: heap use after free in ins_compl_get_exp()
Solution: validate buffer before accessing it
ee9166eb3b
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: heap-use-after-free in is_qf_win()
Solution: Check buffer is valid before accessing it
fc68299d43
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: test_crash1() fails on CI
Solution: don't run Screendump test, verify that it doesn't crash
by running it through a shell command line, testing
the exit value and concatenating success cmd using '&&'
db510ca805
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: FPE in adjust_plines_for_skipcol
Solution: don't divide by zero, return zero
Prevent a floating point exception when calculating w_skipcol (which can
happen with a small window when the number option is set and cpo+=n).
Add a test to verify
cb0b99f067
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: overflow in get_number
Solution: Return 0 when the count gets too large
[security]: overflow in get_number
When using the z= command, we may overflow the count with values larger
than MAX_INT. So verify that we do not overflow and in case when an
overflow is detected, simply return 0
73b2d3790c
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: overflow in ex address parsing
Solution: Verify that lnum is positive, before substracting from
LONG_MAX
[security]: overflow in ex address parsing
When parsing relative ex addresses one may unintentionally cause an
overflow (because LONG_MAX - lnum will overflow for negative addresses).
So verify that lnum is actually positive before doing the overflow
check.
060623e4a3
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: overflow in nv_z_get_count
Solution: break out, if count is too large
When getting the count for a normal z command, it may overflow for large
counts given. So verify, that we can safely store the result in a long.
58f9befca1
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: overflow with count for :s command
Solution: Abort the :s command if the count is too large
If the count after the :s command is larger than what fits into a
(signed) long variable, abort with e_value_too_large.
Adds a test with INT_MAX as count and verify it correctly fails.
It seems the return value on Windows using mingw compiler wraps around,
so the initial test using :s/./b/9999999999999999999999999990 doesn't
fail there, since the count is wrapping around several times and finally
is no longer larger than 2147483647. So let's just use 2147483647 in the
test, which hopefully will always cause a failure
ac63787734
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: Test for expanding "~" in substitute takes too long.
Solution: Disable the test for now.
916d6dd5b1
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: Crash when expanding "~" in substitute causes very long text.
Solution: Limit the text length to MAXCOL.
ab9a2d884b
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Use the XTGETTCAP sequence to determine if the host terminal supports
the OSC 52 sequence and, if it does, enable the OSC 52 clipboard
provider by default.
This is only done automatically when all of the following are true:
1. Nvim is running in the TUI
2. 'clipboard' is not set to unnamed or unnamedplus
3. g:clipboard is unset
4. Nvim is running in an SSH connection ($SSH_TTY is set)
5. Nvim is not running inside tmux ($TMUX is unset)
When writing large amounts of data to the tty it is common to first hide
the cursor to avoid a flickering effect. This has been done in Nvim for
a long time and was implemented in the function that actually flushed
the TUI buffer out to the TTY.
However, when using synchronized updates with the 'termsync' option this
is no longer necessary, as the terminal emulator will buffer all of the
updates and display them atomically. Thus there is no need to toggle the
cursor visibility when flushing the buffer when synchronized updates are
used. In fact, doing so can actually reintroduce cursor flickering in
certain scenarios because the visibility state is itself being
synchronized by the terminal.
In addition, the management of the cursor visibility should not happen
when the TUI _buffer_ is flushed, but rather when the TUI itself is
flushed. This is a subtle but meaningful distinction: the former
literally writes bytes to the TTY while the latter flushes the TUI's
grid into its buffer. There is no need to hide the cursor every time we
write bytes to the TTY, only at the beginning of a full TUI "flush"
event.
This fixes an error that can occur in certain pathological cases when
the autocommand fires at just the right time such that it attempts to
close the timer after the timer has already exited, but before the
scheduled callback has fired.
We now let the timer continue to run even when the autocommand deletes
itself to avoid having to repeat the cleanup code multiple times. There
is no harm in letting the timer execute if the autocommand does not
exist, as the pcall will catch the error.
Problem: wast filetype should be replaced by wat filetype
Solution: start using the official wat filetype name
runtime: rename `wast` filetype to `wat` (Wasm text format)
The problem is the name of the current filetype wast. When the plugin
was initially created, the file extension for Wasm text format was not
fixed and .wast was more popular.
However, recently .wat became the official file extension for
WebAssembly text (WAT) format and .wast is now a file extension for the
unofficial WAST format, which is a superset of .wat for the convenience
to describe the Wasm specification conformance tests.
https://webassembly.js.org/docs/contrib-wat-vs-wast.html
However for now, let's keep using the `wat` filetype even for the .wast
extension, so that we at least do not lose the filetype settings and
syntax highlighting. This can be adjusted later, if it turns out to have
a separate need for.
closes: vim/vim#13533bc8f79d36a
Co-authored-by: rhysd <lin90162@yahoo.co.jp>
The 'termsync' option enables a mode (provided the underlying terminal
supports it) where all screen updates during a redraw cycle are buffered
and drawn together when the redraw is complete. This eliminates tearing
or flickering in cases where Nvim redraws slower than the terminal
redraws the screen.
Problem:
Platform-specific UI providers should live in `vim.ui.*`. #24164
Solution:
- Move `vim.clipboard.osc52` module to `vim.ui.clipboard.osc52`.
- TODO: move all of `clipboard.vim` to `vim.ui.clipboard`.
ref #25872
Problem:
'nofsync' may lose data if the system has a hard shutdown. #9888
Solution:
Change default to 'fsync'. This may be revisited in the future when
'nofsync' can be made safer.
If Nvim is in the process of exiting then we do not want to allocate any
new refs onto the event loop, because they will not be freed and will
result in a memory leak.
libtermkey does not interpret OSC sequences that end with a BEL (0x07)
instead of an ST (0x1b 0x5c) terminator. This causes these tests to fail
since the OSC response is now parsed via libtermkey. Change the tests to
use the ST terminator to appease libtermkey.