Problem: filetype: not all ObjectScript routines are recognized
Solution: Also detect "%RO" and "iris" patterns inside *.rtn files
(Hannah Kimura)
closes: #19873
Signed-off-by: Hannah Kimura <hannah.kimura@intersystems.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Sway 1.11 added `security_context_v1` metadata as criteria:
- `sandbox_engine`
- `sandbox_app_id`
- `sandbox_instance_id`
Sway 1.12 will add the `tag` criteria for `xdg_toplevel_tag_v1`, as
well as the `hdr` output option (with options `on`, `off`, and
`toggle`).
closes: #19884
Signed-off-by: Felix Pehla <29adc1fd92@gmail.com>
Signed-off-by: James Eapen <james.eapen@vai.org>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: still some unnecessary (int) casts in alloc()
Solution: Remove more unnecessary (int) casts before alloc() calls
(Yasuhiro Matsumoto).
Follow-up to patch 9.2.0283. Remove remaining (int) casts in
vim9script.c and netbeans.c.
vim9script.c: lengths are derived from STRLEN() on file paths,
bounded by PATH_MAX. netbeans.c: all operands are already int,
so the (int) cast is redundant and no truncation can occur.
related: #19888
closes: #19893
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: :syn sync grouphere may go beyond end of line.
Solution: Start searching for the end of region at the end of match
instead of a possibly invalid position (zeertzjq).
closes: #19896
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: When a tabpanel expression returns a different number of lines on
successive evaluations, the computed row offset can become negative,
causing screen_fill() to receive an invalid start_row and crash
(after v9.1.1391).
Solution: Clamp the row argument in screen_fill_tailing_area() to zero,
add a safety check in screen_fill() for negative start_row
(Michał Majchrowicz)
Supported by AI
Co-authored-by: Michał Majchrowicz <mmajchrowicz@afine.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Request less backtracking to function-name candidates for
nonlinear patterns with any regexp engine BUT force using
the old engine with these patterns to avoid incurring an
additional penalty, according to ":syntime report", when the
new regexp engine is preferred.
fixes: #19847closes: #19849
Signed-off-by: Aliaksei Budavei <0x000c70@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: unnecessary (int) casts before alloc() calls, can cause
truncation and heap overflows (sgInnora)
Solution: Remove casts (Yasuhiro Matsumoto)
alloc() already accepts size_t, so (int) casts on size_t values are
redundant and could theoretically cause truncation on values > INT_MAX.
Remove the casts and change alloc_cmdbuff() signature from int to
size_t to match.
Note: list_alloc_with_items() keeps its int parameter since lv_len and
lv_with_items are int, and the call site already has an INT_MAX guard.
fixes: #19888closes: #19889
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Explain how stdin/stdout/stderr are connected in term_start():
- On Unix, they default to pty; only "err_cb" switches stderr to a pipe,
which may cause output order differences due to buffering.
- On MS-Windows with ConPTY, they are always pipes and stdout/stderr
share the same pipe, so "err_cb" cannot separate them.
related: #16354
Co-authored-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: tests: Test_viminfo_len_overflow() fails
Solution: Catch E342 (Yasuhiro Matsumoto).
Test_viminfo_len_overflow tries to allocate ~4GB, which may throw E342
(out of memory) depending on the platform's memory allocation behavior.
This is an acceptable outcome since the test's purpose is to verify
that Vim does not crash on a crafted viminfo entry.
closes: #19891
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: tests: Test_netrw_FileUrlEdit.. fails on Windows
(after 3e60f03d94)
Solution: Skip the test on Windows (Yasuhiro Matsumoto).
The Test_netrw_FileUrlEdit_pipe_injection() test fails on Windows with
E303 because '|' is not a valid filename character on Windows. Since
the pipe character cannot appear in a Windows filename, the command
injection vector this test guards against does not apply on Windows.
closes: #19890
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: libvterm CSI parser does not bounds-check argi against
CSI_ARGS_MAX, allowing excess ';'-separated arguments to
write past the end of the args array (sentinel404).
Solution: Drop excess arguments.
Supported by AI
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Reading a crafted viminfo file can cause a heap buffer
overflow because the length value from getdigits() is cast to
int, truncating large size_t values
Solution: Remove the (int) cast when calling alloc() (sentinel404)
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: BSU/ESU are output directly to the terminal
Solution: Route them through out_buf() and flush the output directly,
increase the OUT_SIZE terminal buffer (Yasuhiro Matsumoto)
Route synchronized-output control sequences through out_buf and flush
explicitly at protocol boundaries, instead of forcing BSU/ESU through
ui_write() directly.
Also increase the terminal output buffer from 2047 to 8191 bytes so
large redraws are emitted in fewer writes.
The important guarantee here is terminal-visible ordering: BSU must
reach the terminal before the batched redraw bytes, ESU must reach the
terminal after them, and FLUSH must emit ESU and BSU together, then
flush immediately.
Benchmark: PTY redraw workload with TERM=xterm-256color, long wrapped
lines, cursorline, listchars, horizontal scrolling, and repeated redraw!.
write syscalls: 8514 -> 5094 (-40.2%)
wall time: 0.568s -> 0.495s (-12.9%) on valid runs in this environment
closes: #19862
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: tabpanel: undefined behaviour with large tabpanelop columns
(Michał Majchrowicz)
Solution: Error out for too large column values
Co-authored-by: Michał Majchrowicz <mmajchrowicz@afine.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: runtime(vimgoto): not correctly escaping the filenames
Solution: Use fnamescape() (Michał Majchrowicz)
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: runtime(typeset) does not escape the detected directory
Solution: Use fnameescape() (Michał Majchrowicz)
fyi @lifepillar
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: runtime(context) does not escape the detected log file
Solution: Use fnameescape() (Michał Majchrowicz)
fyi @lifepillar
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: test: trailing spaces used in tests
Solution: Rewrite tests to avoid trailing spaces (Paul Ollis).
Some tests currently rely on trailing whitespace at the end of lines,
escaped with '\'. I have demonstrated in another PR, such spaces can be
inadvertently removed and this is difficult to spot.
Note: there are more trailing spaces in a few more test files, see
testdir/test_codestyle.vim. Those are not yet removed.
closes: #19838
Signed-off-by: Paul Ollis <paul@cleversheep.org>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: configure: Link error on Solaris
(idgn23, after v9.2.0153)
Solution: Move the check for the nsl library a bit earlier,
regenerate configure
fixes: #19803
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: memory leak in call_oc_method()
Solution: Clean up argvars in the failure case
(Huihui Huang)
closes: #19828
Signed-off-by: Huihui Huang <625173@qq.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: typeahead buffer overflow during mouse drag event
Solution: Change the guard from 5 to 10 to account for the worst case
(Yasuhiro Matsumoto).
The typeahead buffer guard in mch_inchar() only reserved 5 bytes per
iteration, but a mouse event writes up to 7 bytes (3 header + 4
coordinates) and a scroll event with modifiers writes up to 10 bytes
(3 modifier + 3 scroll + 4 coordinates). During fast mouse dragging,
3+ events could queue up and overflow the 20-byte buffer, corrupting
adjacent static variables and causing garbage bytes (including Ctrl-Z)
to be fed into the input stream, which triggered nv_suspend/ex_stop.
closes: #19851
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: unnecessary restrictions for defining dictionary function
names
Solution: Allow defining dict function with bracket key that is not a
valid identifier (thinca)
In Vim script, "function obj.func()" and "function obj['func']()" both
define a dictionary function. However, the bracket form required the
key to match function naming rules (eval_isnamec), so
"function obj['foo-bar']()" failed with E475.
Assigning and calling already work: "let obj['foo-bar'] = obj.func"
and "call obj['foo-bar']()" are valid. Only the definition was
incorrectly restricted.
Skip the identifier check when the name comes from fd_newkey (i.e. the
key was given in bracket notation). Dictionary keys may be any string.
Supported by AI
closes: #19833
Signed-off-by: thinca <thinca@gmail.com>
Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Cannot disable kitty keyboard protocol in vim :terminal
Solution: Handle "CSI <u" sequence in libvterm (Julio B).
related: v9.0.0930
closes: #19837
Signed-off-by: Julio B <julio.bacel@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: hlset() cannot handle attributes with spaces
Solution: Handle attributes with spaces by quoting those
(Yasuhiro Matsumoto).
hlset(hlget('Normal')) fails with E416 when a highlight attribute value
contains spaces (e.g. font name "Monospace 10"). hlg_add_or_update()
builds a string like "font=Monospace 10" and passes it to do_highlight(),
whose parser splits on whitespace and treats "10" as a separate key
without "=".
Fix by quoting values with single quotes (e.g. font='Monospace 10')
when the value contains spaces and the attribute is a key=value pair.
do_highlight() already supports single-quoted values.
closes: #19843
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: invalid lnum when pasting text copied blockwise
(KillTheMule)
Solution: Subtract nr_lines from curwin->w_cursor.lnum when calling
changed_lines() in do_put() (Pierluigi Lenoci)
When doing a blockwise paste beyond the end of the buffer, new lines are
appended and nr_lines is incremented accordingly. However, the
changed_lines() call used curwin->w_cursor.lnum as the "lnume" argument
(the first line below the changed lines BEFORE the change), which is
incorrect because the cursor has already been moved past the newly
appended lines.
Fix by subtracting nr_lines from curwin->w_cursor.lnum, so that lnume
correctly reflects the state before the change, as documented in
changed_lines().
Add a listener test to verify the correct values are reported.
Port of neovim/neovim#12733.
fixes: #6660closes: #19844
Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: terminal: redraws are slow (Mao-Yining)
Solution: Disable redrawing in handle_movecursor()
(Yasuhiro Matsumoto)
handle_movecursor callback was calling update_cursor() with redraw=TRUE
on every cursor move inside vterm_input_write(). This triggered
gui_mch_flush() (GdiFlush + DWriteContext_Flush) and TextChangedT
autocmd for each cursor move. ConPTY output contains ~17 cursor moves
per 4KB chunk, each flush taking ~5ms, resulting in 80-110ms per chunk.
Fix by passing FALSE to update_cursor() in handle_movecursor since
write_to_term() already calls update_cursor() with proper redraw after
vterm_input_write() finishes.
Also set vterm_screen_set_damage_merge() to VTERM_DAMAGE_SCROLL so that
damage callbacks are buffered until vterm_screen_flush_damage() instead
of being emitted per cell.
fixes: #19845closes: #19846
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: When a popup window overlapping a status line is closed or
hidden, the status line is not redrawn, leaving ghost
artifacts from the popup.
Solution: popup_free() and popup_hide() call
redraw_all_later(UPD_NOT_VALID) which marks window contents
for redraw but does not set w_redr_status. The diff-based path
in may_update_popup_mask() that normally sets w_redr_status
is skipped when redrawing_all_win is TRUE. Add status_redraw_all
calls to ensure status lines are properly redrawn
(Yasuhiro Matsumoto).
closes: #19830
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: tabpanel: corrupted tabpanel during scrolling causing flicker
Solution: When the tabpanel is visible, force a line-by-line redraw in
win_do_lines() similarly to popup handling (Yasuhiro Matsumoto).
When a vertical tabpanel is visible, terminal scroll operations in
win_do_lines() affect the full screen width, corrupting the tabpanel
area. The tabpanel is then redrawn via redraw_tabpanel, causing visible
flicker. Return FAIL to force line-by-line redraw instead, analogous to
the existing popup_visible check.
closes: #19832
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Hannah
Antonio Giovanni Colombo
Felix Pehla
Yasuhiro Matsumoto
zeertzjq
Peter Kenny
Christian Brabandt
Aliaksei Budavei
Hirohito Higashi
Eisuke Kawashima
RestorerZ
Thomas Braun
Koda Reef
Paul Ollis
Huihui Huang
rendcrx
thinca
Julio B
Pierluigi Lenoci