| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem: [security]: use-after-free in ex_substitute
Solution: always allocate memory
closes: vim/vim#13552
A recursive :substitute command could cause a heap-use-after free in Vim
(CVE-2023-48706).
The whole reproducible test is a bit tricky, I can only reproduce this
reliably when no previous substitution command has been used yet
(which is the reason, the test needs to run as first one in the
test_substitute.vim file) and as a combination of the `:~` command
together with a :s command that contains the special substitution atom `~\=`
which will make use of a sub-replace special atom and calls a vim script
function.
There was a comment in the existing :s code, that already makes the
`sub` variable allocate memory so that a recursive :s call won't be able
to cause any issues here, so this was known as a potential problem
already. But for the current test-case that one does not work, because
the substitution does not start with `\=` but with `~\=` (and since
there does not yet exist a previous substitution atom, Vim will simply
increment the `sub` pointer (which then was not allocated dynamically)
and later one happily use a sub-replace special expression (which could
then free the `sub` var).
The following commit fixes this, by making the sub var always using
allocated memory, which also means we need to free the pointer whenever
we leave the function. Since sub is now always an allocated variable,
we also do no longer need the sub_copy variable anymore, since this one
was used to indicated when sub pointed to allocated memory (and had
therefore to be freed on exit) and when not.
Github Security Advisory:
https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q
https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| |
|
|
|
|
|
|
| |
Problem: Unable to identify legacy signs when fetching extmarks with
`nvim_buf_get_extmarks()`.
Solution: Add "sign_name" to the extmark detail array.
Add some misc. changes as follow-up to #25724
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove the monolithic Decoration struct. Before this change, each extmark
could either represent just a hl_id + priority value as a inline
decoration, or it would take a pointer to this monolitic 112 byte struct
which has to be allocated.
This change separates the decorations into two pieces: DecorSignHighlight
for signs, highlights and simple set-flag decorations (like spell,
ui-watched), and DecorVirtText for virtual text and lines.
The main separation here is whether they are expected to allocate more
memory. Currently this is not really true as sign text has to be an
allocated string, but the plan is to get rid of this eventually (it can
just be an array of two schar_T:s). Further refactors are expected to
improve the representation of each decoration kind individually. The
goal of this particular PR is to get things started by cutting the
Gordian knot which was the monolithic struct Decoration.
Now, each extmark can either contain chained indicies/pointers to
these kinds of objects, or it can fit a subset of DecorSignHighlight
inline.
The point of this change is not only to make decorations smaller in
memory. In fact, the main motivation is to later allow them to grow
_larger_, but on a dynamic, on demand fashion. As a simple example, it
would be possible to augment highlights to take a list of multiple
`hl_group`:s, which then would trivially map to a chain of multiple
DecorSignHighlight entries.
One small feature improvement included with this refactor itself, is
that the restriction that extmarks cannot be removed inside a decoration
provider has been lifted. These are instead safely lifetime extended
on a "to free" list until the current iteration of screen drawing is done.
NB: flags is a mess. but DecorLevel is useless, this slightly less so
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Problem: No test for defining sign without attribute
Solution: Add test for defining sign without attributes
closes: vim/vim#13544
https://github.com/vim/vim/commit/e670d17342ea05af253b0452afb980397fa143be
|
| |
|
|
|
|
|
|
|
| |
Quick fix as follow up to https://github.com/neovim/neovim/pull/26108
kqueue only reports events on a watched folder itself, not for files
created or deleted within. So the approach the PR took doesn't work on FreeBSD.
We'll either need to bring back polling for it, combine watching with manual
file tracking, or disable LSP file watching on FreeBSD
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Should help with https://github.com/neovim/neovim/issues/23291
On linux `new_fs_event` doesn't support recursive watching, but we can
still use it to watch folders.
The downside of this approach is that we may end up sending some false
`Deleted` events. For example, if you save a file named `foo` there will
be a intermediate `foo~` due to the save mechanism of neovim.
The events we get from vim.uv in that case are:
- rename: foo~
- rename: foo~
- rename: foo
- rename: foo
- change: foo
- change: foo
The mechanism in this PR uses a debounce to reduce this to:
- deleted: foo~
- changed: foo
`foo~` will be the false positive.
I suspect that for the LSP case this is good enough. If not, we may need
to follow up on this and keep a table in memory that tracks available
files.
|
| |\
| |
| | |
refactor(sign): move legacy signs to extmarks
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: The legacy signlist data structures and associated functions are
redundant since the introduction of extmark signs.
Solution: Store signs defined through the legacy commands in a hashmap, placed
signs in the extmark tree. Replace signlist associated functions.
Usage of the legacy sign commands should yield no change in behavior with the
exception of:
- "orphaned signs" are now always removed when the line it is placed on is
deleted. This used to depend on the value of 'signcolumn'.
- It is no longer possible to place multiple signs with the same identifier
in a single group on multiple lines. This will now move the sign instead.
Moreover, both signs placed through the legacy sign commands and through
|nvim_buf_set_extmark()|:
- Will show up in both |sign-place| and |nvim_buf_get_extmarks()|.
- Are displayed by increasing sign identifier, left to right.
Extmark signs used to be ordered decreasingly as opposed to legacy signs.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
The test is for the case without 'termsync' because libvterm doesn't
support synchronized output, and it passes without this PR.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: buffer text with composing chars are converted from UTF-8
to an array of up to seven UTF-32 values and then converted back
to UTF-8 strings.
Solution: Convert buffer text directly to UTF-8 based schar_T values.
The limit of the text size is now in schar_T bytes, which is currently
31+1 but easily could be raised as it no longer multiplies the size
of the entire screen grid when not used, the full size is only required
for temporary scratch buffers.
Also does some general cleanup to win_line text handling, which was
unnecessarily complicated due to multibyte rendering being an "opt-in"
feature long ago. Nowadays, a char is just a char, regardless if it consists
of one ASCII byte or multiple bytes.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: [security]: Use-after-free in win_close()
Solution: Check window is valid, before accessing it
If the current window structure is no longer valid (because a previous
autocommand has already freed this window), fail and return before
attempting to set win->w_closing variable.
Add a test to trigger ASAN in CI
https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: [security] use-after-free from buf_contents_changed()
Solution: block autocommands
https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: segfault in exmode when redrawing
Solution: skip gui_scroll when exmode_active
https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: buffer-overflow in trunc_string()
Solution: Add NULL at end of buffer
Currently trunc_string() assumes that when the string is too long,
buf[e-1] will always be writeable. But that assumption may not always be
true. The condition currently looks like this
else if (e + 3 < buflen)
[...]
else
{
// can't fit in the "...", just truncate it
buf[e - 1] = NUL;
}
but this means, we may run into the last else clause with e still being
larger than buflen. So a buffer overflow occurs.
So instead of using `buf[e - 1]`, let's just always
truncate at `buf[buflen - 1]` which should always be writable.
https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04
vim-patch:9.0.2004: Missing test file
Problem: Missing test file
Solution: git-add the file to the repo
closes: vim/vim#13305
https://github.com/vim/vim/commit/d4afbdd0715c722cfc73d3a8ab9e578667615faa
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: Trailing white space in tests
Solution: Delete it
This causes test_codestyle to fail, so we need to remove it again.
Hopefully that makes the CI green again.
Note: I will start using annotated tags from now on.
https://github.com/vim/vim/commit/da200c2f78ef3c91557a2b484d284eb0c1c62776
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: Test_crash fails on Mac
Solution: Skip test on Mac
https://github.com/vim/vim/commit/5856b07795dff69e3bac57deb5033b5839c1dfb8
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: tests running sh have problems
Solution: Check that dash is installed
closes: vim/vim#13040
https://github.com/vim/vim/commit/1690ec64ffd784cddddb937870f5891adbb21986
Co-authored-by: Philip H <47042125+pheiduck@users.noreply.github.com>
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: heap-buffer-overflow in vim_regsub_both
Solution: Disallow exchanging windows when textlock is active
https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93
Cherry-pick test_crash.vim change from patch 9.0.1876.
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: CI: test_crash() fails on CI
Solution: Skip test on BSD
https://github.com/vim/vim/commit/d2a08ba0fa4a25f31cee9d9f33b0aa8237227387
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: test_crash still fails for circle ci
Solution: give even more time to complete
https://github.com/vim/vim/commit/59adcb4c203371258c72e76011da93eac8540317
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: crash with bt_quickfix1_poc when cleaning up
and EXITFREE is defined
Solution: Test if buffer is valid in a window, else close
window directly, don't try to access buffer properties
While at it, increase the crash timeout slightly, so that CI has a
chance to finish processing the test_crash() test.
https://github.com/vim/vim/commit/623ba31821a41acee7e948794e84867680b97885
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: CI: test_crash1() is flaky
Solution: Wait a bit longer
https://github.com/vim/vim/commit/f44cbe96fa44d10d6dd717e0a9f6ef0f104ee98a
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: heap-use-after-free in bt_normal()
Solution: check that buffer is still valid
https://github.com/vim/vim/commit/6e60cf444a8839ca1694319bf9a82e7b097e5c4d
Test change only.
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: heap use after free in ins_compl_get_exp()
Solution: validate buffer before accessing it
https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: heap-use-after-free in is_qf_win()
Solution: Check buffer is valid before accessing it
https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: test_crash1() fails on CI
Solution: don't run Screendump test, verify that it doesn't crash
by running it through a shell command line, testing
the exit value and concatenating success cmd using '&&'
https://github.com/vim/vim/commit/db510ca8052884fd260f425025bacf44f6c92fa9
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: [security]: FPE in adjust_plines_for_skipcol
Solution: don't divide by zero, return zero
Prevent a floating point exception when calculating w_skipcol (which can
happen with a small window when the number option is set and cpo+=n).
Add a test to verify
https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: [security]: overflow in get_number
Solution: Return 0 when the count gets too large
[security]: overflow in get_number
When using the z= command, we may overflow the count with values larger
than MAX_INT. So verify that we do not overflow and in case when an
overflow is detected, simply return 0
https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: [security]: overflow in ex address parsing
Solution: Verify that lnum is positive, before substracting from
LONG_MAX
[security]: overflow in ex address parsing
When parsing relative ex addresses one may unintentionally cause an
overflow (because LONG_MAX - lnum will overflow for negative addresses).
So verify that lnum is actually positive before doing the overflow
check.
https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: [security]: overflow in nv_z_get_count
Solution: break out, if count is too large
When getting the count for a normal z command, it may overflow for large
counts given. So verify, that we can safely store the result in a long.
https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: [security]: overflow with count for :s command
Solution: Abort the :s command if the count is too large
If the count after the :s command is larger than what fits into a
(signed) long variable, abort with e_value_too_large.
Adds a test with INT_MAX as count and verify it correctly fails.
It seems the return value on Windows using mingw compiler wraps around,
so the initial test using :s/./b/9999999999999999999999999990 doesn't
fail there, since the count is wrapping around several times and finally
is no longer larger than 2147483647. So let's just use 2147483647 in the
test, which hopefully will always cause a failure
https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78
Co-authored-by: Christian Brabandt <cb@256bit.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: Test commented out in a wrong way.
Solution: Use legacy script comment character.
https://github.com/vim/vim/commit/a4467c433a767cc2dc046ff134094c1b6305b678
Co-authored-by: Bram Moolenaar <Bram@vim.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: Test for expanding "~" in substitute takes too long.
Solution: Disable the test for now.
https://github.com/vim/vim/commit/916d6dd5b1834293e21a72ef70175aae57e78fba
Co-authored-by: Bram Moolenaar <Bram@vim.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem: Crash when expanding "~" in substitute causes very long text.
Solution: Limit the text length to MAXCOL.
https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a
Co-authored-by: Bram Moolenaar <Bram@vim.org>
|
| |/ |
|
| |
|
|
|
|
|
|
| |
Problem: Skipcol is not reset when topline changed scrolling cursor to top
Solution: reset skipcol
closes: vim/vim#13528
https://github.com/vim/vim/commit/bb800a7907209f7d349f87b76b3b9ca30b416298
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem: wast filetype should be replaced by wat filetype
Solution: start using the official wat filetype name
runtime: rename `wast` filetype to `wat` (Wasm text format)
The problem is the name of the current filetype wast. When the plugin
was initially created, the file extension for Wasm text format was not
fixed and .wast was more popular.
However, recently .wat became the official file extension for
WebAssembly text (WAT) format and .wast is now a file extension for the
unofficial WAST format, which is a superset of .wat for the convenience
to describe the Wasm specification conformance tests.
https://webassembly.js.org/docs/contrib-wat-vs-wast.html
However for now, let's keep using the `wat` filetype even for the .wast
extension, so that we at least do not lose the filetype settings and
syntax highlighting. This can be adjusted later, if it turns out to have
a separate need for.
closes: vim/vim#13533
https://github.com/vim/vim/commit/bc8f79d36a456054ed29f46585830af6d71f57c8
Co-authored-by: rhysd <lin90162@yahoo.co.jp>
|
| |
|
|
|
|
|
| |
The 'termsync' option enables a mode (provided the underlying terminal
supports it) where all screen updates during a redraw cycle are buffered
and drawn together when the redraw is complete. This eliminates tearing
or flickering in cases where Nvim redraws slower than the terminal
redraws the screen.
|
| |
|
|
|
|
|
|
| |
Problem:
'nofsync' may lose data if the system has a hard shutdown. #9888
Solution:
Change default to 'fsync'. This may be revisited in the future when
'nofsync' can be made safer.
|
| |
|
|
|
|
|
| |
libtermkey does not interpret OSC sequences that end with a BEL (0x07)
instead of an ST (0x1b 0x5c) terminator. This causes these tests to fail
since the OSC response is now parsed via libtermkey. Change the tests to
use the ST terminator to appease libtermkey.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
(#26023)
Problem: Text properties test fails when 'encoding' is not utf-8.
Solution: Compare with original value of 'encoding'. (Christian Brabandt,
closes vim/vim#3986)
https://github.com/vim/vim/commit/ed79d1e348c40e2432802423bf22e4f7b536bf8a
Co-authored-by: Bram Moolenaar <Bram@vim.org>
|
