Problem: libvterm: no terminal reflow support
Solution: Support for reflowing, sync libvterm to revision 843
(Cimbali)
fixes: #2865closes: #8365closes: #19863
Co-authored-by: Paul "LeoNerd" Evans <leonerd@leonerd.org.uk>
Signed-off-by: Cimbali <me@cimba.li>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: On GTK3 with client-side decorations the window opens with
wrong &columns/&lines, and each :tabnew/:tabclose cycle
shrinks the size further.
Solution: Measure and compensate for the CSD frame offset, discard
spurious configure events from tabline show/hide
(Gary Johnson).
closes: #19853
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Gary Johnson <garyjohn@spocom.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: popup: still opacity rendering issues
Solution: Fix remaining issues, see below
(Yasuhiro Matsumoto).
This PR fixes the following issues:
- Padding blend hole at wide char boundary: when a padding cell overlaps
the second half of a wide character, the right half's attr value is
unreliable. Use the left half's saved attr for blending instead.
- Wide char background split at popup boundary: when a wide character in
an upper popup straddles the edge of a lower opacity popup, both
halves got different background colors. Since terminals cannot render
different left/right background colors for a wide character, detect
the lower popup with popup_is_over_opacity() and use the non-popup
side's underlying attr for both halves.
- Wrong blend color with cterm-only highlights under 'termguicolors':
when a popup highlight has ctermbg but no guibg, bg_rgb is set to
CTERMCOLOR (not INVALCOLOR). hl_blend_attr() used this value as a real
RGB color, producing gray instead of the intended color. Use
COLOR_INVALID() to detect both INVALCOLOR and CTERMCOLOR, and fall back
to converting the cterm color number to RGB.
closes: #19943
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: spell_read_aff() uses sprintf() into a fixed-size stack buffer
without bounds checking. store_aff_word() uses STRCAT() to
append attacker-controlled strings into newword[MAXWLEN] without
checking remaining space. Both are reachable via :mkspell with
crafted .aff/.dic files (xinyi234)
Solution: Replace sprintf() with vim_snprintf() in spell_read_aff().
Replace STRCAT() with STRNCAT() with explicit remaining-space
calculation in store_aff_word().
closes: #19944
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Some patterns in tar and zip plugin tests not strict enough.
Solution: Use assert_equal() for lines that should match exactly. Match
a literal dot properly (zeertzjq).
closes: #19946
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: tests: test_indent.vim leaves swapfiles behind
Solution: Close open buffer using :bw! instead of :close!
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Cannot handle mouseclicks in the statusline
Solution: Add the %[FuncName] statusline item to define clickable
regions with a callback function. (Yasuhiro Matsumoto)
closes: #19841
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
The regex for status line highlighting was too broad, `jjComment` lines
containing e.g. the letter 'A' followed by a space anywhere in the line
were highlighted.
related: #19879
Signed-off-by: Joël Stemmer <jstemmer@google.com>
Signed-off-by: Gregory Anders <greg@gpanders.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: runtime(tar): but with dotted path
Solution: Do not strip everything after the first dot
(Aaron Burrow)
tar#Extract was getting the extensionless basename by
stripping away everything starting with the leftmost
dot. So if a directory had a dot or the file had an
'extra' dot then the code did the wrong thing. For
example, if it was given:
/tmp/foo.bar/baz.tar.gz
Then it would treat /tmp/foo as the extensionless
basename, but it actually should have grabbed:
/tmp/foo.bar/baz
This patch fixes the issue by instead looking at the
rightmost dot(s).
This bug was discovered by ChatGPT 5.4. I wrote the
patch and tested vim.
closes: #19930
Signed-off-by: Aaron Burrow <burrows@fastmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: patch 9.2.0325: runtime(tar): bug in zstd handling
Solution: use correct --zstd argument, separated from other arguments,
rework testing framework (Aaron Burrow).
The tar.vim plugin allows vim to read and manipulate zstd archives,
but it had a bug that caused extraction attempts to fail.
Specifically, if the archive has a .tar.zst or .tzst extension, then
the code was generating invalid extraction commands that looked like
this:
tar --zstdpxf foo.tar.zst foo
When they should be like this:
tar --zstd -pxf foo.tar.zst foo
This patch changes the flag manipulation logic so that --zstd isn't
glued to pxf.
The labor for this change was divided between ChatGPT 5.4 and me.
ChatGPT 5.4 identified the issue (from a code scan?), and I wrote
the patch and tested vim.
related: #19930
Signed-off-by: Aaron Burrow <burrows@fastmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: 0x9b byte not unescaped in <Cmd> mapping (BenYip).
Solution: Translate K_CSI to CSI like what is done in vgetc().
(zeertzjq).
fixes: #19936closes: #19937
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: tests: test_popupwin fails (after v9.2.0319)
Solution: Regenerate the dump file (Yasuhiro Matsumoto).
The reference dump for Test_popupwin_opacity_wide_2 was not updated
when patch 9.2.0319 changed the blending behavior for double-width
characters at popup padding boundaries. The covered half of a
double-width character now correctly shows a space instead of the
full character.
related: #19881
closes: #19934
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: MS-Windows: No OpenType font support
Solution: Allow specifying OpenType font features directly in 'guifont'
(Yasuhiro Matsumoto).
Allow specifying OpenType font features directly in 'guifont' using
the ':f' option (e.g., :set guifont=Cascadia_Code:h14:fss19=1:fcalt=0).
Each ':fXXXX=N' sets a single OpenType feature tag with a parameter
value. Multiple features can be specified by repeating the ':f' option.
This only takes effect when 'renderoptions' is set to use DirectWrite
(type:directx). Default features (calt, liga, clig, rlig, kern) are
preserved unless explicitly overridden.
closes: #19857
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: popup: rendering issues with partially transparent popups.
Solution: Redraw the area under the old popup position on move or
resize. Apply the background blend only to the covered half of
a double-width character. (Yasuhiro Matsumoto)
closes: #19881
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: The netbeans defineAnnoType command passes typeName, fg and bg
unsanitized to coloncmd(), allowing a malicious server to inject
arbitrary Ex commands via '|'. Similarly, specialKeys does not
validate key tokens before building a map command.
Solution: Validate typeName, fg and bg against an allowlist of safe
characters before passing them to coloncmd()
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-mr87-rhgv-7pw6
Supported by AI
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: missing bound-checks
Solution: Add defensive guards against potential buffer overflow
(Yasuhiro Matsumoto)
Add bounds checking and integer overflow guards across multiple files
as a defensive measure. While these code paths are unlikely to be
exploitable in practice, the guards prevent undefined behavior in
edge cases.
- libvterm/vterm.c: use heap tmpbuffer instead of stack buffer in
vsprintf() fallback path
- channel.c: validate len in channel_consume() before mch_memmove()
- spell.c: use long instead of int for addlen to avoid signed overflow
in size_t subtraction
- alloc.c: add SIZE_MAX overflow check in ga_grow_inner() before
itemsize multiplication
- list.c: add overflow check before count * sizeof(listitem_T)
- popupwin.c: add overflow check before width * height allocation
- insexpand.c: add overflow check before compl_num_bests multiplication
- regexp_bt.c: replace sprintf() with vim_snprintf() in regprop()
- spellfile.c: use SIZE_MAX instead of LONG_MAX for allocation overflow
check
closes: #19904
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: channel: can bind to all network interfaces in ch_listen()
(after v9.2.0153)
Solution: Restrict to a valid hostname, do not allow to bind on all
network interfaces (Zdenek Dohnal).
This will prevent unintentional binding the process to public network
interfaces, and opening Vim to communication from outside network if
firewall allows it.
related: #19231
closes: #19799
Signed-off-by: Zdenek Dohnal <zdohnal@redhat.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: C-type names are marked as translatable
Solution: Use them as-is, do not translate them
(Eisuke Kawashima)
closes: #19861
Signed-off-by: Eisuke Kawashima <e-kwsm@users.noreply.github.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: redrawing logic with text properties can be improved in
win_line()
Solution: Avoid repeated sorts, use stack storage for small
properties, pre-compute whether trailing virtual text follows
(Yasuhiro Matsumoto)
closes: #19880
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
problem: unnecessary work in vim_strchr() and find_term_bykeys()
Solution: Redirect vim_strchr() to vim_strbyte() for ASCII input
Add an early exit to find_term_bykeys() using the terminal
leader table, mirroring check_termcode(). Reduces instruction
count on startup by about 27%. (Yasuhiro Matsumoto)
closes: #19902
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Missing out-of-memory check to may_get_cmd_block()
Solution: Return p unchanged in case of out-of-memory (John Marriott)
closes: #19906
Signed-off-by: John Marriott <basilisk@internode.on.net>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: runtime(tar): some issues with lz4 support
Solution: Fix bugs (see below) (Aaron Burrow)
The tar plugin allows users to extract files from tar archives that are
compressed with lz4. But, tar#Extract() builds malformed extraction commands
for lz4-compressed tar archives. This commit fixes three issues in that code.
The first affects archives with a .tlz4 extension and the other two affect
archives with .tar.lz4 extension (but one of these is symmetric to the issue
that .tlz4 archives had).
(1) When trying to extract .tlz4 archives the command created by
tar#Extract looked like this:
tar -I lz4pxf foo.tlz4 foo
This isn't right. It should be something like this:
tar -I lz4 -pxf foo.tlz4 foo
This was happening because tar.plugin is just substituting on the
first - in "tar -pxf". This works fine if we just add a simple flag for
extraction (eg, z for .tgz), but for lz4 we need to add "-I lz4".
I don't believe that there is an obvious good way to fix this without
reworking the way the command is generated. Probably we should collect
the command and flags separately and the flags should be stored in a
set. Then put everything together into a string just before issuing it
as an extraction command. Unfortunately, this might break things for users
because they have access to tar_extractcmd.
This patch just makes the substitution a little bit more clever so that it
does the right thing when substituting on a string like "tar -pxf".
(2) .tar.lz4 extractions had the same issue, which my patch fixes in
the same way.
(3) .tar.lz4 extractions had another issue. There was a space missing
in the command generated by tar#Extract. This meant that commands
looked like this (notice the lack of space between the archive and output
file names):
tar -I lz4pxf foo.tar.lz4foo
This patch just puts a space where it should be.
Finally, I should note that ChatGPT 5.4 initially identified this issue
in the code and generated the test cases. I reviewed the test cases,
wrote the patch, and actually ran vim against the tests (both with and
without the patch).
closes: #19925
Signed-off-by: Aaron Burrow <burrows@fastmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: dist#vim9#Open() fails to open files with spaces on Linux
because Launch() splits the command string. Also,
background GUI viewers (e.g., xdg-open) crash with SIGPIPE
when Vim destroys the default job_start() IO pipes.
Solution: Use job_start() with 'sh -c' to let the POSIX shell parse
the shellescaped quotes safely. Set 'in_io', 'out_io', and
'err_io' to 'null' to completely detach the background
process and prevent pipe crashes. Unify the Launch()
execution block across all operating systems.
closes: #19928
fixes: #19916
Signed-off-by: Furkan Sahin <furkan-dev@proton.me>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: mismatch between return types and documentation
Solution: Fix documentation, update f_err_teapot() return type to void
(Hirohito Higashi)
- Fix summary table in builtin.txt: feedkeys, foreground, setcharsearch,
term_wait, test_void, wildtrigger, ch_sendraw from non-none to none;
listener_remove and prop_add from none to Number
- Fix err_teapot in evalfunc.c: ret_number_bool to ret_void
- Fix "Return type:" in detailed doc sections (64 functions across builtin.txt,
channel.txt, terminal.txt, popup.txt, testing.txt, textprop.txt) from wrong
types to void
- Add missing "Return type: void" for prompt_setcallback and prop_add_list
closes: #19922
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: When the terminal is very large, test for 9.2.0285 doesn't
trigger an ASAN error without the fix.
Solution: Use a window with fixed height (zeertzjq)
closes: #19924
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: zip plugin tests may match messages from previous test cases
when checking for warning message.
Solution: Clear messages at the start of these tests (zeertzjq).
closes: #19926
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: runtime(netrw): RFC2396 decoding double escaping spaces
(lilydjwg, after 3e60f03d94)
Solution: Remove escape() call, since we are using fnameescape() anyhow
fixes: #19913
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Vim9: void function return value inconsistent between
script and :def
Solution: Make void built-in functions like bufload() return void
consistently (Hirohito Higashi)
In Vim9 script, calling a void built-in function (e.g. bufload()) at the
script level did not set rettv to VAR_VOID, making it appear to return
0. Inside :def it correctly returned VAR_VOID and raised E1031. Set
rettv to VAR_VOID after calling a ret_void built-in function in Vim9
script so the behavior is consistent.
Also fix the documentation for bufload() and ch_logfile() to correctly
state that the return type is void.
closes: #19919
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: The vimball plugin needs some love
(syndicate)
Solution: Clean-up, refactor and update the plugin,
in particular, catch path traversal attacks
This change does the following
- Clean up Indentation and remove calls to Decho
- Increase minimum Vim version to 7.4 for mkdir()
- Use mkdir() consistently
- Update Metadata Header
- Remove check for fnameescape()
- Catch path traversal attacks
- Add vimball basic tests
- Remove mentioning of g:vimball_mkdir in documentation
closes: #19921
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: runtime(zip): may write using absolute paths
(syndicate)
Solution: Detect this case and abort on Unix, warn in the documentation
about possible issues
Signed-off-by: Christian Brabandt <cb@256bit.org>
Cimbali
Yasuhiro Matsumoto
Gary Johnson
Nihaal Sangha
Christian Brabandt
zeertzjq
Joël Stemmer
Aaron Burrow
Hirohito Higashi
Maxim Kim
Stefan VanBuren
Antonin Godard
Zdenek Dohnal
Foxe Chen
Eisuke Kawashima
John Marriott
Mao-Yining
Furkan Sahin