Problem: [security] double-free in dialog_changed()
(SuyueGuo)
Solution: Only clear pointer b_sfname pointer, if it is different
than the b_ffname pointer. Don't try to free b_fname,
set it to NULL instead.
fixes: vim/vim#15403
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2fb29f4abcd4
Co-authored-by: Christian Brabandt <cb@256bit.org>
- common_function() has always been in evalfunc.c in Vim
- return_register() has always been in evalfunc.c in Vim
- get_user_input() was moved to ex_getln.c in Vim 8.1.1957
- tv_get_lnum_buf() was moved to typval.c in Vim 8.2.0847
Problem: filetype: goaccess config file not recognized
Solution: detect 'goaccess.conf' as goaccess filetype, also
include a basic syntax and ftplugin (Adam Monsen)
Add syntax highlighting for GoAccess configuration file.
GoAccess is a real-time web log analyzer and interactive viewer that
runs in a terminal in *nix systems or through your browser.
GoAccess home page: https://goaccess.iocloses: vim/vim#154140aa65b48fb
Co-authored-by: Adam Monsen <haircut@gmail.com>
Make `:Sexplore` / `:Hexplore` / `:Vexplore` commands honor the user
`&split{right,below}` settings (or netrw-specific `g:netrw_alt{o,v}`)
instead of hardcoding a split direction. Similarly, update banged
variants of the two latter commands to follow the inverted preference.
closes: vim/vim#15417c527d90fae
Co-authored-by: Ivan Shapovalov <intelfx@intelfx.name>
Problem:
Tests have lots of exec_lua calls which input blocks of code
provided as unformatted strings.
Solution:
Teach exec_lua how to handle functions.
When the cursor is moved we terminate any active OSC 8 sequences to
prevent the sequence from inadvertently spanning regions it is not meant
to span. However, if we do not also reset the TUI's active attr id
(print_attr_id) then the TUI does not "know" that it's current attribute
set has changed. When cursor_goto is called to wrap a line, the TUI does
not recompute the attributes so the OSC 8 sequence is not restarted
again.
When we terminate an OSC 8 sequence before moving the cursor, also reset
the active attr id so that the attributes are recomputed for URLs.
Problem: Wrong comment for "len" argument of call_simple_func().
Solution: Remove the "or -1 to use strlen()". Also change its type to
size_t to remove one cast. (zeertzjq)
closes: vim/vim#15410c1ed788c1b
Problem: Calling a function from an "expr" option has too much overhead.
Solution: Add call_simple_func() and use it for 'foldexpr'
87b4e5c5db
Cherry-pick a call_func() change from patch 8.2.1343.
Add expr-option-function docs to options.txt.
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: Vim9: using a script-local function requires using "s:" when
setting 'completefunc'.
Solution: Do not require "s:" in Vim9 script. (closesvim/vim#9796)
1fca5f3e86
vim-patch:8.2.4417: using NULL pointer
Problem: Using NULL pointer.
Solution: Set offset after checking for NULL pointer.
e89bfd212b
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: too many strlen() calls in syntax.c
Solution: refactor code to reduce the number or strlen() calls,
get rid of un-used SYN_NAMELEN macro
(John Marriott)
closes: vim/vim#15368b4ea77185c
Co-authored-by: John Marriott <basilisk@internode.on.net>
Problem: ex: trailing dot is optional for :g and :insert/:append
Solution: don't break out early, when the next command is empty.
(Mohamed Akram)
The terminating period is optional for the last command in a global
command list.
closes: vim/vim#154070214680a8e
Co-authored-by: Mohamed Akram <mohd.akram@outlook.com>
Problem: [security] use-after-free in tagstack_clear_entry
(Suyue Guo )
Solution: Instead of manually calling vim_free() on each of the tagstack
entries, let's use tagstack_clear_entry(), which will
also free the stack, but using the VIM_CLEAR macro,
which prevents a use-after-free by setting those pointers
to NULL
This addresses CVE-2024-41957
Github advisory:
https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr48a0bbe7b8a
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: use-after-free in check_argument_type
Solution: Reset function type pointer when freeing the function type
list
function pointer fp->uf_func_type may point to the same memory, that was
allocated for fp->uf_type_list. However, when cleaning up a function
definition (e.g. because it was invalid), fp->uf_type_list will be
freed, but fp->uf_func_type may still point to the same (now) invalid
memory address.
So when freeing the fp->uf_type_list, check if fp->func_type points to
any of those types and if it does, reset the fp->uf_func_type pointer to
the t_func_any (default) type pointer
closes: vim/vim#136520f28791b21
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: use-after-free in exec_instructions()
Solution: get tv pointer again
[security]: use-after-free in exec_instructions()
exec_instructions may access freed memory, if the GA_GROWS_FAILS()
re-allocates memory. When this happens, the typval tv may still point to
now already freed memory. So let's get that pointer again and compare it
with tv. If those two pointers differ, tv is now invalid and we have to
refresh the tv pointer.
closes: vim/vim#136215dd41d4b63
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: Coverity warning in cstrncmp()
(after v9.1.0645)
Solution: Change the type of n2 to int.
(zeertzjq)
________________________________________________________________________________________________________
*** CID 1615684: Integer handling issues (INTEGER_OVERFLOW)
/src/regexp.c: 1757 in cstrncmp()
1751 n1 -= mb_ptr2len(s1);
1752 MB_PTR_ADV(p);
1753 n2++;
1754 }
1755 // count the number of bytes to advance the same number of chars for s2
1756 p = s2;
>>> CID 1615684: Integer handling issues (INTEGER_OVERFLOW)
>>> Expression "n2--", which is equal to 18446744073709551615, where "n2" is known to be equal to 0, underflows the type that receives it, an unsigned integer 64 bits wide.
1757 while (n2-- > 0 && *p != NUL)
1758 MB_PTR_ADV(p);
1759
1760 n2 = p - s2;
1761
1762 result = MB_STRNICMP2(s1, s2, *n, n2);
closes: vim/vim#15409e8feaa354e
`buf.code_action` always included diagnostics on a given line from all
clients. Servers should only receive diagnostics they published, and in
the exact same format they sent it.
Should fix https://github.com/neovim/neovim/issues/29500
inotifywait man page specifies:
The file must be specified with a relative or absolute path according to whether a relative or absolute path is given for watched directories.
So it would only work this way in case the path is relative (which at least for gopls it is not)
- Prefix all global variables with "g:".
- Add spaces around each variable assignment operator.
- Remove extraneous whitespace characters.
- Remove a spurious _serializable_ Java keyword (since v1.1,
java.io.Serializable and java.io.Externalizable interfaces
provide an API for object serialization; see vim-6-0j).
- Normalise the syntax definition argument order by making
_contained_ the first argument of each such definition.
- Normalise the argument tabulation for highlighting group
definitions.
Reference:
https://web.archive.org/web/20010821025330/java.sun.com/docs/books/jls/first_edition/html/1.1Update.html
related: vim/vim#153999aabcef1c8
Co-authored-by: Aliaksei Budavei <0x000c70@gmail.com>
- Reword a few sentences and reformat a few paragraphs.
- Supply absent capitalisation and punctuation.
- Make listed highlighting groups and code stand out.
- Prefix all Java-related global variables with "g:".
- Add spaces around each variable assignment operator.
- Acknowledge that some Javadoc variables are maintained in
the HTML syntax file.
Also, move the overridable _default_ HTML group links before
the HTML syntax file inclusion in order to implement the
documented diverged settings.
related: vim/vim#153993749dff093
Co-authored-by: Aliaksei Budavei <0x000c70@gmail.com>
Problem: Cannot use an autoload function from a package under start.
Solution: Also look in the "start" package directory. (Bjorn Linse,
closesvim/vim#7193)
223a950a85
Nvim already does this in do_in_cached_path(), and this change has no
effect in Nvim as Nvim removes DIP_START after do_in_cached_path().
Accidentally failed to mark as ported:
vim-patch:8.2.1731: Vim9: cannot use += to append to empty NULL list
Co-authored-by: bfredl <bjorn.linse@gmail.com>
Problem: eval5() and eval7 are too complex
Solution: Refactor eval5() and eval7() in eval.c
(Yegappan Lakshmanan)
closes: vim/vim#14900734286e4c6
Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
- Make diff colors more accessible, Green for added, Red for deleted, Blue for Changed
- Change Search to blue to be visible with Diff colors
- Change Todo to bright magenta
closes: vim/vim#15400d88ebcbd9f
Co-authored-by: Maxim Kim <habamax@gmail.com>
- Add PmenuMatch and PmenuMatchSel to all colorschemes
- Add contrast to habamax Type, String, Constant and PreProc
- Change habamax PmenuSel to neutral gray to make PmenuMatchSel more visible
- Change habamax Tabline and VertSplit
- Make Conceal less visible for zellner, torte, shine, ron, peachpuff,
pablo, morning, koehler, evening, delek, blue, darkblue, lunaperche,
retrobox
- Add Added/Changed/Removed highlights
- Fix retrobox Terminal background
- Other minor fixes and improvements
closes: vim/vim#15267fcc53461d4
Co-authored-by: Maxim Kim <habamax@gmail.com>
Problem:
Some language servers (e.g., rust-analyzer, texlab) are desynced when
the user deletes the entire contents of the buffer. This is due to the
discrepancy between how nvim computes diff and how nvim treats empty
buffer.
* diff: If the buffer became empty, then the diff includes the last
line's eol.
* empty buffer: Even if the buffer is empty, nvim regards it as having
a single empty line with eol.
Solution:
Add special case for diff computation when the buffer becomes empty so
that it does not include the eol of the last line.
Problem: CompletionItem in lsp spec mentioned the deprecated attribute
Solution: when item has deprecated attribute set hl_group to DiagnosticDeprecated
in complete function
Problem:
`'scrollbind'` does not work properly if the window being scrolled
automatically contains any filler/virtual lines (except for diff filler
lines).
This is because when the scrollbind check is done, the logic only
considers changes to topline which are represented as line numbers.
Solution:
Write the logic for determine the scroll amount to take into account
filler/virtual lines.
Fixes#29751
Problem: Coverity warning after 9.1.0440
Solution: Fix Coverity warning, add a test and
reduce the calls to clear_tv()
(Yegappan Lakshmanan).
closes: vim/vim#14845dbac0da631
Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Problem: eval.c not sufficiently tested
Solution: Add a few more additional tests for eval.c,
(Yegappan Lakshmanan)
closes: vim/vim#147994776e64e72
Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Problem: Some functions are not tested
Solution: Add a few more tests, fix a few minor problems
(Yegappan Lakshmanan)
closes: vim/vim#14789fe424d13ef
Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Problem: Cannot use a method with a complex expression.
Solution: Evaluate the expression after "->" and use the result.
c665dabdf4
Cherry-pick a "verbose" check from patch 8.2.4123.
N/A patches for version.c:
vim-patch:8.2.4102: Vim9: import cannot be used after method
vim-patch:8.2.4110: Coverity warns for using NULL pointer
Co-authored-by: Bram Moolenaar <Bram@vim.org>