Problem: When processing terminal output with many combining characters
from supplementary planes (4-byte UTF-8), a heap-buffer
overflow occurs. Additionally, the loop iterating over
cell characters can read past the end of the vterm array
(ehdgks0627, un3xploitable).
Solution: Use VTERM_MAX_CHARS_PER_CELL * 4 for ga_grow() to ensure
sufficient space. Add a boundary check to the character
loop to prevent index out-of-bounds access.
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-rvj2-jrf9-2phg
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: When parsing a malformed Emacs-style tags file, a 1-byte
heap-buffer-underflow read occurs if the 0x7f delimiter
appears at the very beginning of a line. This happens
because the code attempts to scan backward for a tag
name from the delimiter without checking if space exists.
(ehdgks0627, un3xploitable)
Solution: Add a check to ensure the delimiter (p_7f) is not at the
start of the buffer (lbuf) before attempting to isolate
the tag name.
GitHub Advisory:
https://github.com/vim/vim/security/advisories/GHSA-xcc8-r6c5-hvwv
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: Insufficient validation of hostname and port in
netrw URIs allows command injection via shell metacharacters
(ehdgks0627, un3xploitable).
Solution: Implement stricter RFC1123 hostname and IP validation.
Use shellescape() for the provided hostname and port.
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: inside_block() always checks the flags of the top-most stack
entry instead of the current loop index.
Solution: Use the loop index 'i' to check all levels of the condition
stack (Weixie Cui).
closes: #19524
Signed-off-by: Weixie Cui <cuiweixie@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: tests: various tests leave swapfiles around
Solution: close open buffers using :bw! instead of :close!
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: The length passed to add_attr_and_value for " ctermfont=" is
incorrect. In highlight_set_font(), sg_font_name is freed and
updated in two separate branches, leading to redundant code.
Solution: Correct the length parameter in hlg_add_or_update().
Refactor highlight_set_font() to update the font name string
only once after a successful change is detected.
closes: #19512
Signed-off-by: glepnir <glephunter@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Inefficient use of list_append_string()
Solution: Pass string length to list_append_string() where it is known
(John Marriott).
closes: #19491
Signed-off-by: John Marriott <basilisk@internode.on.net>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: memory leak in invoke_sync_listeners()
Solution: Free the recorded_changes on early return
(Huihui Huang).
closes: #19516
Signed-off-by: Huihui Huang <625173@qq.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: popup: opacity feature causes flickering
(after v9.2.0016)
Solution: Only skip the mask and enable the opacity context if
w_popup_blend is greater than 0 (Hirohito Higashi).
fixes: #19510
fixes: #19499closes: #19515
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: memory leak in type_name_list_or_dict()
Solution: Free the variable member_free on early returns (Huihui Huang).
closes: #19513
Signed-off-by: Huihui Huang <625173@qq.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Using the wrong field with DAP channel mode
(after v9.2.0060)
Solution: Use request_seq instead of seq when handing DAP response
(Foxe Chen).
closes: #19511
Signed-off-by: Foxe Chen <chen.foxe@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Not possible to know when a session will be loaded.
Solution: Add the SessionLoadPre autocommand (Colin Kennedy).
fixes: #19084closes: #19306
Signed-off-by: Colin Kennedy <colinvfx@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: No support for the DAP channel mode
Solution: Add native channel support for the debug-adapter-protocol
(Foxe Chen)
closes: #19432
Signed-off-by: Foxe Chen <chen.foxe@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Compile error in did_set_previewpopup() when quickfix
feature is not included (John Marriott, after v9.2.0051)
Solution: Add ifdef FEAT_QUICKFIX (John Marriott)
related: #18873
Signed-off-by: John Marriott <basilisk@internode.on.net>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: eval_addblob() is inefficient
Solution: Replace per-byte ga_append() loop with a single ga_grow() and
mch_memmove() for each source blob. This eliminates N grow
checks and function call overhead for blob concatenation
(Yasuhiro Matsumoto).
closes: #19494
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Vims list concatenation is inefficient
Solution: Use a single allocation of len1 + len2 using
list_alloc_with_items() (Yasuhiro Matsumoto).
Replace list_copy() + list_extend() (N+1 individual mallocs) with a
single list_alloc_with_items(len1+len2) call. This reduces the number
of memory allocations from O(N) to O(1) for the list '+' operator.
closes: #19495
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Running gvim with a tiny build under a Wayland compositor
hides the bottom half of the command line
(dezza, after v9.1.1585).
Solution: When Wayland display protocol support is not compiled in
(HAVE_WAYLAND not defined), force the X11 GDK backend to avoid
display issues. This restores the gdk_set_allowed_backends("x11")
call that was removed by patch 9.1.1585, but only for builds
without Wayland support (e.g. tiny builds, see patch 9.1.1565)
(Hirohito Higashi)
fixes: #19483closes: #19504
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: The 'previewpopup' option lacks several customization values
that 'completepopup' supports, such as borders, shadows,
and UI handles.
Solution: Add support for "border", "borderhighlight", "close",
"resize", and "shadow" to 'previewpopup' (Arkissa)
closes: #18873
Signed-off-by: Arkissa <mrarkssac@gmail.com>
Signed-off-by: Girish Palya <girishji@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: In gvim on Windows, a certain problem can occur when the
WM_SETFOCUS event sent after an external command is not
processed immediately.
Solution: After posting WM_SETFOCUS, run the message loop to process it
as quickly as possible (Muraoka Taro).
The problem is that Test_normal11_showcmd may fail when running the
test_normal.vim test. Investigation revealed that the trigger was an
external command executed in the previous test,
Test_mouse_shape_after_failed_change, when two tests were executed
consecutively. In gvim on Windows, a WM_SETFOCUS event will be sent
when an external command finishes executing. This WM_SETFOCUS event is
not processed immediately, but rather by redraw, which is expected to
update showcmd. Because it is queued in typebuf at this time,
clear_showcmd(), which expects typebuf to be empty, cannot update
showcmd.
Also added a test that simulates the above problem.
closes: #19167
Signed-off-by: Muraoka Taro <koron.kaoriya@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Vim9: typename() returns wrong type for lists/dicts/tuples
with shared references (Mao-Yining).
Solution: Reset CopyID after processing the item so it can be
re-inspected if encountered again via a different reference
(Hirohito Higashi).
fixes: #19490closes: #19492
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: MS-Windows: ConPTY not yet preferred
Solution: Mark ConPTY as stable starting with Windows 11 (build 22000).
Vim will now prefer ConPTY over winpty on these systems.
fixes: #19033closes: #19037
Signed-off-by: bennyyip <yebenmy@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Wayland: still performance issues
(lilydjwg, after v9.2.0010)
Solution: Revert another part of Patch v9.2.0010
(Christoffer Aasted)
Revert "perf(gtk-wayland): avoid early redraws; compositor does redraw"
fixes: #19471
fixes: #19481closes: #19482
Signed-off-by: Christoffer Aasted <dezzadk@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
- Generate once (and inline) all alphabetical mark names.
- Allocate all markable "setpos" lists in advance.
- Continue tolerating redundant "setpos" calls that reset
mark "`" for motions within a line or motions between
paired lines (i.e. the lines for which mark "`" is made
reciprocal) rather than making "getpos" calls that check
the position of mark "`" before conditionally changing it
with "setpos" since checking a mark position is slower
than setting it according to profiling samples.
- Observe sparing use of empty lines.
closes: #19476
Signed-off-by: Aliaksei Budavei <0x000c70@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: crypt: Crash when reading an encrypted UTF-8 file.
This happens because readfile() does not account for leftover
conversion bytes (conv_restlen) when reallocating and moving
the buffer after decryption (smss2022).
Solution: Include conv_restlen in the offset calculations and memmove
operations within readfile() (Foxe Chen).
fixes: #19425closes: #19453
Signed-off-by: Foxe Chen <chen.foxe@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Not always using GA_CONCAT_LITERAL with string literals.
(after: v9.2.0031)
Solution: Use the GA_CONCAT_LITERAL, instead of ga_concat_len.
(John Marriott)
closes: #19468
Signed-off-by: John Marriott <basilisk@internode.on.net>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: In screen_line(), there is a potential integer underflow when
accessing ScreenAttrs[off_to - 1] if off_to is zero.
(Coverity CID 1681430, after v9.2.0017)
Solution: Add a check to ensure off_to > 0 before accessing the
previous attribute index.
related: #19272
closes: #19479
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Wayland: Not using Boolean type (after v9.2.0010)
Solution: Use bool type instead of int (Hirohito Higashi).
closes: #19473
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: netrw: need better tests for absolute paths
Solution: Use absolutepath(), instead of regex test (Miguel Barro).
closes: #19477
Signed-off-by: Guybrush <miguel.barro@live.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: syntax highlighting lost in popup with opacity lower than 100
(after v9.2.0017)
Solution: Before blending, combine the popup's window color attribute
with the character's own attribute using hl_combine_attr()
(Yasuhiro Matsumoto).
related: #19272
closes: #19478
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: filetype: sh filetype used for env files
Solution: Detect *.env and .env.* files as env filetype,
detect .envrc and .envrc.* as sh filetype,
include a simple env syntax script (DuckAfire)
Previously, .env files were handled by the shell syntax. While
functional, this limited the ability to support specific .env
implementations, such as CodeIgniter4 which allows dots in keys
(e.g., "foo.bar=0").
The new dedicated 'env' filetype and syntax script improves legibility
and prevents highlighting from breaking when encountering spaces.
Currently, the syntax does not support indentation; fields, variables,
and comments must start at the beginning of the line.
closes: #19260
Co-authored-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: DuckAfire <155199080+duckafire@users.noreply.github.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: completion: hang with line completion and fuzzy (Jesse Pavel)
Solution: Only check the line number when wrapping around the file
(Hirohito Higashi).
fixes: #19434closes: #19443
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Inefficient use of ga_concat()
Solution: Use ga_concat_len() when the length is already known to avoid
use of strlen() (John Marriott).
closes: #19422
Co-authored-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: John Marriott <basilisk@internode.on.net>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Christian Brabandt
Weixie Cui
Hirohito Higashi
glepnir
John Marriott
Huihui Huang
Foxe Chen
Colin Kennedy
Yasuhiro Matsumoto
Arkissa
Muraoka Taro
bennyyip
przepompownia
Antonio Giovanni Colombo
Christoffer Aasted
Aliaksei Budavei
Girish Palya
Ivan Pešić
Miguel Barro
DuckAfire