Problem: buffer-overflow in vim_regsub_both()
Solution: Check remaining space
ced2c7394a
The change to do_sub() looks confusing. Maybe it's an overflow check?
Then the crash may not be applicable to Nvim because of different casts.
The test also looks confusing. It seems to source itself recursively.
Also don't call strlen() twice on evaluation result.
N/A patches for version.c:
vim-patch:9.0.1849: CI error on different signedness in ex_cmds.c
vim-patch:9.0.1853: CI error on different signedness in regexp.c
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: use-after-free in do_ecmd
Solution: Verify oldwin pointer after reset_VIsual()
e1dc9a6275
N/A patches for version.c:
vim-patch:9.0.1841: style: trailing whitespace in ex_cmds.c
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: potential oob write in do_addsub()
Solution: don't overflow buf2, check size in for loop()
889f6af371
Co-authored-by: Christian Brabandt <cb@256bit.org>
Downloading the necessary files all at once instead of doing dependency
handling with luarocks speeds up installation immensely. We speed up the
process even more by using luv as a replacement for the C modules in the
busted dependencies, which allows us to skip costly compilation times.
Co-authored-by: bfredl <bjorn.linse@gmail.com>
runtime(ruby): Update syntax, indent and ftplugin files
While making changes to the ruby ftplugin, slightly change the exepath()
conditional from patch 9.0.1833 and move it after the :cd invocation.
closes: 12981
closes: 12994
da16a1b471
Co-authored-by: Doug Kearns <dougkearns@gmail.com>
Co-authored-by: Tim Pope <code@tpope.net>
Problem: runtime files may execute code in current dir
Solution: only execute, if not run from current directory
The perl, zig and ruby filetype plugins and the zip and gzip autoload
plugins may try to load malicious executable files from the current
working directory. This is especially a problem on windows, where the
current directory is implicitly in your $PATH and windows may even run a
file with the extension `.bat` because of $PATHEXT.
So make sure that we are not trying to execute a file from the current
directory. If this would be the case, error out (for the zip and gzip)
plugins or silently do not run those commands (for the ftplugins).
This assumes, that only the current working directory is bad. For all
other directories, it is assumed that those directories were
intentionally set to the $PATH by the user.
816fbcc262
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: Wrong cursor position with virtual text before double-width
char at window edge.
Solution: Check for double-width char before adding virtual text size.
closes: vim/vim#12977ac2d8815ae
set_option_value() only called did_set_option() for string options,
whereas do_set_option_value() called it for all types.
This change makes set_option_value() call did_set_option() for all types
and thus makes it more consistent with do_set_option_value().
runtime(optwin): Fix for 'splitkeep' option (vim/vim#12974)
'spk' was used as a boolean, rather than a string option.
0b8b145bf8
Co-authored-by: xrandomname <141588647+xrandomname@users.noreply.github.com>
The class `lsp.Client` has a public member `server_capabilities`,
which is assumed to be non-nil once initialized, as documented in
`:help vim.lsp.client`. Due to the possibility that it may be nil
before initialization, `lsp.Client` was not having a proper lua type
annotations on the field `server_capabilities`.
Instead of having a nil `server_capabilities` until initialized in
the RPC response callback, we can have an initial value of empty table.
This CHANGES the behavior of the `server_capabilities` field in a way
that it is no longer `nil` until initialization. Note that, as
already documented, `server_capabilities` should never be nil when
it is once initialized and thus ready to be used in user configs.
This fixes the issue where the LspNotify handlers for inlay_hint /
diagnostics would end up refreshing all attached clients.
The handler would call util._refresh, which called
vim.lsp.buf_request, which calls the method on all attached clients.
Now util._refresh takes an optional client_id parameter, which is used
to specify a specific client to update.
This commit also fixes util._refresh's handling of the `only_visible`
flag. Previously if `only_visible` was false, two requests would be made
to the server: one for the visible region, and one for the entire file.
Co-authored-by: Stanislav Asunkin <1353637+stasjok@users.noreply.github.com>
Co-authored-by: Mathias Fußenegger <mfussenegger@users.noreply.github.com>
Problem: When double clicking a line starting with a #, the code assumes
there is a fold there and tries to close it, resulting in an error if
there isn't a fold.
Solution: Check foldlevel before performing "zc".
Problem: Wrong cursor position with virtual text before a whitespace
character and 'linebreak'.
Solution: Always set "col_adj" to "size - 1" and apply 'linebreak' after
adding the size of 'breakindent' and 'showbreak'.
closes: vim/vim#129566e55e85f92
N/A patches:
vim-patch:9.0.1826: keytrans() doesn't translate recorded key typed in a GUI
Problem: Rexx files may not be recognised
Solution: Add shebang detection and improve disambiguation of *.cls
files
closes: vim/vim#12951e06afb7860
Co-authored-by: Doug Kearns <dougkearns@gmail.com>
runtime: cleanup :Sman command via the undo_ftplugin mechanism (vim/vim#12967)
Regards to @dkearns as noticed in
2ac708b5489d8ef7cc43
Co-authored-by: Enno <Konfekt@users.noreply.github.com>