Problem: INT overflow logic can be simplified
Solution: introduce trim_to_int() function
closes: vim/vim#135562b0882fa65
vim-patch:9.0.2138: Overflow logic requires long long
Problem: Overflow logic requires long long
Solution: Define vimlong_T data type to make life easier
for porters
closes: vim/vim#13598fda700cb04
Cherry-pick ops.c change from patch 9.1.0608.
Co-authored-by: Ernie Rael <errael@raelity.com>
Problem: [security]: prevent overflow in indenting
Solution: use long long and remove cast to (int)
The shiftwidth option values are defined as being long. However, when
calculating the actual amount of indent, we cast down to (int), which
may cause the shiftwidth value to become negative and later it may even
cause Vim to try to allocate a huge amount of memory.
We already use long and long long variable types to calculate the indent
(and detect possible overflows), so the cast to (int) seems superfluous
and can be safely removed. So let's just remove the (int) cast and
calculate the indent using longs.
Additionally, the 'shiftwidth' option value is also used when determining
the actual 'cino' options. There it can again cause another overflow, so
make sure it is safe in parse_cino() as well.
fixes: vim/vim#13554closes: vim/vim#135553770574e4a
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: Coverity warns for another overflow in shift_line()
Solution: Test for INT_MAX after the if condition, cast integer values
to (long long) before multiplying.
22a97fc241
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: overflow in shift_line
Solution: allow a max indent of INT_MAX
[security]: overflow in shift_line
When shifting lines in operator pending mode and using a very large
value, we may overflow the size of integer. Fix this by using a long
variable, testing if the result would be larger than INT_MAX and if so,
indent by INT_MAX value.
Special case: We cannot use long here, since on 32bit architectures (or
on Windows?), it typically cannot take larger values than a plain int,
so we have to use long long count, decide whether the resulting
multiplication of the shiftwidth value * amount is larger than INT_MAX
and if so, we will store INT_MAX as possible larges value in the long
long count variable.
Then we can safely cast it back to int when calling the functions to set
the indent (set_indent() or change_indent()). So this should be safe.
Add a test that when using a huge value in operator pending mode for
shifting, we will shift by INT_MAX
closes: vim/vim#135356bf131888a
Skip the test for now, as it takes too long and requires other fixes.
Co-authored-by: Christian Brabandt <cb@256bit.org>
On Debian 12 when detaching the program wouldn't launch at all
closes: vim/vim#16168eda923e9c9
Co-authored-by: Konfekt <Konfekt@users.noreply.github.com>
Problem: GVim: default font size a bit too small
Solution: increase guifont size to 12 pt on GTK builds
of gVim (matveyt).
fixes: vim/vim#16172closes: vim/vim#16178ad3b6a3340
Co-authored-by: matveyt <matthewtarasov@yandex.ru>
Problem: no error check for neg values for 'messagesopt'
(after v9.1.0908)
Solution: add additional error checks and tests (h-east)
closes: vim/vim#1618765be834c30
Nvim's getdigits() checks for overflow, so the code change isn't needed.
Co-authored-by: h-east <h.east.727@gmail.com>
Since Vietnamese keymaps in Vim is quite differences from the
corresponding input methods, let's document the Vietnamese specifics in
vietnames.txt
related: vim/vim#16144189e24bb14
Problem: Variable name for 'messagesopt' doesn't match short name
(after v9.1.0908)
Solution: Change p_meo to p_mopt. Add more details to docs.
closes: vim/vim#161828cc43daee1
Problem: 'messagesopt' does not check max wait time
(after v9.1.0908)
Solution: Check for max wait value
(Shougo Matsushita)
closes: vim/vim#16183d9e9f89e0f
Co-authored-by: Shougo Matsushita <Shougo.Matsu@gmail.com>
Problem: It is not obvious if a treesitter highlight priority shown in
`:Inspect` is higher or lower than the default.
Solution: Also print default priority (`vim.hl.priorities.treesitter`).
Add padding for better readability.
Problem: :sleep! not hiding the cursor is an arbitrary difference from
Vim without obvious justification, and Vim's behavior isn't
easily achievable in Nvim.
Solution: Make :sleep! hide the cursor while sleeping.
Ref:
6a01b3fcc3b5c0ade437
Problem:
char-wise folding for `#trim!` ranges are improperly calculated for nodes that
end at column 0, due to the way `get_node_text` works.
Solution:
Add the blank line that `get_node_text` removes for for nodes ending at column
0. Also properly set column positions when performing linewise trims.
Problem:
Diagnostics and inlay hints can be expensive to calculate, and we
shouldn't stack them as this can cause noticeable lag.
Solution:
Check for duplicate inflight requests and cancel them before issuing a new one.
This ensures that only the latest request is processed, improving
performance and preventing potential conflicts.
Problem: `:Inspect` does not show priority for treesitter highlights,
leading to confusion why sometimes earlier highlights override later
highlights.
Solution: Also print priority metadata if set.
Problem:
vim.json.encode escapes every slash in string values (for example in
file paths), and is not optional. Use-case is for preventing HTML
injections (eg. injecting `</script>` closing tag); in the context of
Nvim this is rarely useful.
Solution:
- Add a `escape_slash` flag to `vim.json.encode`.
- Defaults to `false`. (This is a "breaking" change, but more like
a bug fix.)
This commit also implements more generic trimming, acting on all
whitespace (charwise) rather than just empty lines.
It will unblock
https://github.com/nvim-treesitter/nvim-treesitter/pull/3442 and allow
for properly concealing markdown bullet markers regardless of indent
width, e.g.
Problem: Paragraph below bulleted list was joined to last list item instead of dropping below as expected. Same with "Notes:" paragraph below it.
Solution: Added necessary newlines.
Problem: When completion leader changes, text that might be reinserted
immediately after is deleted. This unnecessarily affects
extmarks. #31387 restored the original extmarks but that
prevents end_right_gravity marks from growing.
Solution: Avoid deleting leader text that will be reinserted.
Problem: In an autocommand Lua callback whether `args.file` is expanded
depends on whether `expand('<afile>')` has been called.
Solution: Always use the unexpanded file name for `args.file`.
Related to #31306 and vim/vim#16106. This doesn't provide `sfname`, but
at least makes `args.file` have a consistent value.
Problem: Marks that are properly restored by the splice associated with
an undo edit, are unnecessarily pushed to the undo header. This
results in incorrect mark tracking in the "copy_only"
save/restore completion path.
Solution: Avoid pushing left gravity marks at the beginning of the range,
and right gravity marks at the end of the range to the undo
header.
The old code would always update `_qf_id` with the current quickfix,
even if you're currently looking at a completely different,
non-diagnostics quickfix list. This completely defeats the intent of
<https://github.com/neovim/neovim/pull/30868>, whoops!
Problem: potential overflow in spell_soundfold_wsal()
Solution: Protect wres from buffer overflow, by checking the
length (Zdenek Dohnal)
Error: OVERRUN (CWE-119):
vim91/src/spell.c:3819: cond_const: Checking "reslen < 254" implies that
"reslen" is 254 on the false branch.
vim91/src/spell.c:3833: incr: Incrementing "reslen". The value of "reslen"
is now 255.
vim91/src/spell.c:3792: overrun-local: Overrunning array "wres" of 254
4-byte elements at element index 254 (byte offset 1019) using index
"reslen - 1" (which evaluates to 254).
3789| {
3790| // rule with '<' is used
3791|-> if (reslen > 0 && ws != NULL && *ws != NUL
3792| && (wres[reslen - 1] == c
3793| || wres[reslen - 1] == *ws))
Error: OVERRUN (CWE-119):
vim91/src/spell.c:3819: cond_const: Checking "reslen < 254" implies that
"reslen" is 254 on the false branch.
vim91/src/spell.c:3833: overrun-local: Overrunning array "wres" of 254
4-byte elements at element index 254 (byte offset 1019) using index
"reslen++" (which evaluates to 254).
3831| {
3832| if (c != NUL)
3833|-> wres[reslen++] = c;
3834| mch_memmove(word, word + i + 1,
3835| sizeof(int) * (wordlen -
(i + 1) + 1));
related: vim/vim#1616339a94d2048
Co-authored-by: Zdenek Dohnal <zdohnal@redhat.com>
