Problem: compile_nested_function() calls define_function(), which registers
the new ufunc in func_hashtab with uf_refcount == 1. For a local
nested function the caller then reserves a local lvalue and
generates a FUNCREF instruction; if either step fails, the code
jumps to the theend label and leaves the ufunc behind with
refcount 1 and no external reference, leaking it. This mirrors
patch 8.2.3951, which fixed the same leak for the "text after
:enddef" branch a few lines above.
Solution: Call func_ptr_unref() on the ufunc before "goto theend" on both
failure paths in the local-variable branch (thinca).
closes: #20394
Co-Authored-by: Claude <noreply@anthropic.com>
Signed-off-by: thinca <thinca@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: GTK4: mouse wheel scrolling does not work correctly
Solution: Use gui_mch_getmouse() to obtain the pointer position, and
add GTK_EVENT_CONTROLLER_SCROLL_DISCRETE to the scroll
controller flags (Foxe Chen).
closes: #20389
Signed-off-by: Foxe Chen <chen.foxe@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: In the bundled libvterm the CSI 8 ; rows ; cols t sequence reaches
on_resize() without validating its arguments. Missing, zero or
negative dimensions cause a negative-size memmove() in
resize_buffer() and out-of-bounds accesses in set_lineinfo() and
DECALN, all reachable from output rendered in a terminal window
(Yukihiro Nakamura).
Solution: Reject missing, zero or negative dimensions before calling
on_resize(). Also clamp a negative cell width in on_text() as
hardening for the bundled libvterm.
Signed-off-by: Christian Brabandt <cb@256bit.org>
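
The argument check described in the libvterm message above, as an added example (not code from Vim or libvterm). The parser, the ARG_MISSING marker and all function names are hypothetical, and the input strings are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define ARG_MISSING LONG_MIN  /* hypothetical marker for an omitted parameter */
#define MAX_ARGS 4

/* Split a constructed parameter string such as "8;24;80" into numbers.
 * An empty field is stored as ARG_MISSING. Returns the number of fields. */
static int parse_csi_args(const char *s, long *args, int max)
{
    int n = 0;

    while (n < max) {
        char *end;
        long v = strtol(s, &end, 10);

        args[n++] = (end == s) ? ARG_MISSING : v;
        if (*end != ';')
            break;
        s = end + 1;
    }
    return n;
}

/* Returns 1 and sets rows/cols only when "8 ; rows ; cols" carries two
 * present, strictly positive dimensions; otherwise returns 0 and the
 * resize handler must not be called. */
static int window_resize_request(const char *params, int *rows, int *cols)
{
    long a[MAX_ARGS];
    int n = parse_csi_args(params, a, MAX_ARGS);

    if (n < 3 || a[0] != 8)
        return 0;                       /* not a complete resize request */
    if (a[1] == ARG_MISSING || a[2] == ARG_MISSING)
        return 0;                       /* missing dimension */
    if (a[1] <= 0 || a[2] <= 0)
        return 0;                       /* zero or negative dimension */
    if (a[1] > INT_MAX || a[2] > INT_MAX)
        return 0;                       /* example-only guard for long -> int */
    *rows = (int)a[1];
    *cols = (int)a[2];
    return 1;
}

int main(void)
{
    const char *samples[] = { "8;24;80", "8", "8;;80", "8;0;80", "8;24;-1" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; ++i) {
        int rows = 0, cols = 0;
        int ok = window_resize_request(samples[i], &rows, &cols);

        printf("CSI %s t -> %s\n", samples[i], ok ? "resize" : "rejected");
    }
    return 0;
}
```
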
Problem: The security patch 9.2.0561 added a vim.eval() call inside
Completer.evalsource() to honor g:pythoncomplete_allow_import.
But the 'vim' module is only imported inside the outer
vimcomplete() / vimpy3complete() function, not at the script's
top level, so referring to it from a Completer method raises
NameError. The surrounding bare 'except' silently swallows
the error and leaves allow_imports at 0, meaning the opt-in
never takes effect -- 'import os' (and any other
buffer-level import) is always skipped, no candidates are
produced for 'os.<...>' and
Test_popup_and_preview_autocommand() fails on the Windows
CI matrix (Linux skips the test because Python 2 is absent).
Solution: Re-import 'vim' at the top of evalsource() in both
pythoncomplete.vim and python3complete.vim so the eval reads
the global, and set g:pythoncomplete_allow_import = 1 in the
test (it is the opt-in intended for callers that trust the
buffer contents) (thinca).
closes: #20386
Signed-off-by: thinca <thinca@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: When defining a dictionary function, the function name string
is allocated with vim_strnsave() but the result is not
checked. On allocation failure the dict entry is left with
type VAR_FUNC and a NULL name, and in the overwrite case the
previous entry has already been freed before the NULL is
stored.
Solution: Allocate the name before modifying the dict entry and bail out
on failure, freeing it on all error paths (thinca)
closes: #20376
Co-Authored-by: Claude <noreply@anthropic.com>
Signed-off-by: thinca <thinca@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: If got_int is true when win_close() is called, it unexpectedly
fails in the branch that detects failure in apply_autocmds().
This causes wingotofile in do_window() to duplicate current
window when do_ecmd() is aborted with got_int.
Solution: Fix do_window() to save the got_int value before trying to
close the split window (Yohei Kojima).
Steps to reproduce:
1. run `touch a && touch .a.swp && echo a > b && vim b`
2. Type `<C-w>f`
3. In the warning dialogue, type `a` to abort
4. Current window is duplicated
closes: #20382
Signed-off-by: Yohei Kojima <yk@y-koj.net>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Out-of-bounds read in update_snapshot() when a terminal cell
fills all VTERM_MAX_CHARS_PER_CELL slots (a base character
plus five combining marks): the loop over cell.chars[] has no
upper bound and libvterm leaves the array unterminated when full, so
it reads past the array and appends out-of-bounds values to a
buffer sized for only VTERM_MAX_CHARS_PER_CELL characters.
Solution: Bound the loop with i < VTERM_MAX_CHARS_PER_CELL, mirroring
the loop in handle_pushline() (Christian Brabandt).
Signed-off-by: Christian Brabandt <cb@256bit.org>
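
The loop bound described in the update_snapshot() message above, as an added example (not code from Vim or libvterm). cell_T, fill_cell() and the copy functions are hypothetical stand-ins, and the code points are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_CHARS_PER_CELL 6  /* base character + five combining marks */

/* Simplified stand-in for a terminal cell (hypothetical type). */
typedef struct {
    uint32_t chars[MAX_CHARS_PER_CELL];
} cell_T;

/* Fill a cell as the commit message describes: a 0 terminator is written
 * only when a slot is left over, so a full cell is unterminated. */
static void fill_cell(cell_T *cell, const uint32_t *cps, int n)
{
    int i;

    if (n > MAX_CHARS_PER_CELL)
        n = MAX_CHARS_PER_CELL;
    for (i = 0; i < n; ++i)
        cell->chars[i] = cps[i];
    if (i < MAX_CHARS_PER_CELL)
        cell->chars[i] = 0;
}

/* Pre-fix shape: stops only at a 0, so a full cell makes it read past
 * chars[] and write past out[]. Safe only for cells that are not full. */
static int copy_cell_unbounded(const cell_T *cell, uint32_t *out)
{
    int i;

    for (i = 0; cell->chars[i] != 0; ++i)
        out[i] = cell->chars[i];
    return i;
}

/* Fixed shape: the index bound is tested before the element is read. */
static int copy_cell_bounded(const cell_T *cell, uint32_t *out)
{
    int i;

    for (i = 0; i < MAX_CHARS_PER_CELL && cell->chars[i] != 0; ++i)
        out[i] = cell->chars[i];
    return i;
}

int main(void)
{
    /* Constructed input: 'e' followed by five combining marks. */
    const uint32_t cps[] = { 0x65, 0x300, 0x301, 0x302, 0x303, 0x304 };
    uint32_t out[MAX_CHARS_PER_CELL];
    cell_T cell;

    fill_cell(&cell, cps, 2);
    printf("short cell: unbounded=%d bounded=%d\n",
           copy_cell_unbounded(&cell, out), copy_cell_bounded(&cell, out));
    fill_cell(&cell, cps, 6);
    printf("full cell:  bounded=%d\n", copy_cell_bounded(&cell, out));
    return 0;
}
```
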
Problem: GTK4: tabline does not respond to mouse clicks
Solution: Connect on_select_tab() to "switch-page" to fire the tabline
event, and on_tab_reordered() to "page-reordered" to call
tabpage_move() with the new index (Foxe Chen).
closes: #20362
Signed-off-by: Foxe Chen <chen.foxe@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: GTK3/Wayland: crash with right mouse-button in tabline
Solution: Use gui.mainwin and get coordinates (Christoffer Aasted).
GtkNotebook (tabline) is a windowless container widget causing a
nullptr deref inside `gdk_window_get_effective_parent()` as Wayland
lacks a surface to anchor to.
fixes: #18864
closes: #20348
Signed-off-by: Christoffer Aasted <dezzadk@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: filetype: Kawasaki Robots files are not recognized
Solution: Detect *.pg as kawasaki_as filetype, add filetype detection
for *.as as atlas or kawasaki_as filetype (KnoP-01).
In Kawasaki robots (https://kawasakirobotics.com/products-robots/)
AS language
*.pg is the extension for a program file and
*.as is for a complete backup.
closes: #20370
Signed-off-by: KnoP-01 <knosowski@graeffrobotics.de>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: GTK4: scrollbars not shown and do not respond to clicks
(Steven A. Falco)
Solution: Use GTK_IS_SCROLLBAR and gtk_scrollbar_get_adjustment()
instead of the GtkRange equivalents, override GtkForm's
contains() to return FALSE (Yasuhiro Matsumoto).
fixes: #20307
closes: #20326
Co-Authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: too many strlen() in ex_substitute()
Solution: Use string_T type instead of recomputing the length
(John Marriott).
closes: #20336
Signed-off-by: John Marriott <basilisk@internode.on.net>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: GTK4: F10 does nothing when the menubar is hidden
(lilydjwg)
Solution: Handle F10 explicitly (Yasuhiro Matsumoto).
In GTK3 (and on Windows) pressing F10 brings up the menu even when
the menubar is hidden via 'go-=m'. The GTK4 path passed F10 straight
through to Vim, so users who hide the menubar lost a way to reach it
via the keyboard.
If F10 is not currently mapped, pop up the full menubar GMenu model
as a transient GtkPopoverMenu at the top of the drawing area. A
user mapping still wins, so this only adds behaviour when F10 would
otherwise be inert.
fixes: #20259
closes: #20355
Co-Authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: filetype: Tolk files are not recognized
Solution: Detect *.tolk files as tolk filetype, include a syntax and
filetype plugin (redavy)
Tolk is a new-generation language for writing smart contracts on TON
blockchain, which is #1 in speed among other chains.
Reference:
https://docs.ton.org/blockchain-basics/tolk/overview
closes: #20320
Signed-off-by: redavy <hello.redavy@proton.me>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: GTK4: 'mousehide' unhides cursor when switching tabs
Solution: Only unhide if the mouse actually moved (Foxe Chen).
fixes: #20346
closes: #20347
Signed-off-by: Foxe Chen <chen.foxe@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: cursor lands on the wrong line when a <Cmd> mapping or autocmd
modifies lines during insert and the strip is skipped
(after v9.2.0510)
Solution: Restore cursor to tpos when skipwhite skips the strip, instead
of leaving it at end_insert_pos (glepnir).
related: #20290
closes: #20332
Signed-off-by: glepnir <glephunter@gmail.com>
Signed-off-by: Kristijan Husak <husakkristijan@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: GTK4: terminal and pty job output is not processed
Solution: When there is at least one channel with the keep_open flag,
arm a 20ms timer that calls channel_handle_events() and
parse_queued_messages(), matching the behaviour of the GTK2/3
backend (Foxe Chen).
fixes: #20345
closes: #20350
Signed-off-by: Foxe Chen <chen.foxe@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: The "%v" item in 'errorformat' interprets the reported
screen column using the buffer's 'tabstop', so the cursor
jumps to the wrong column when 'tabstop' is not 8
(vimpostor).
Solution: When resolving a "%v" column, always count a <tab> as 8
screen columns, independent of 'tabstop', matching the
column numbers reported by compilers; keep the multi-byte
handling. Also use "%v" in the gcc compiler file and
update the documentation (Hirohito Higashi).
fixes: #20321
closes: #20359
Co-Authored-By: vimpostor <21310755+vimpostor@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: configure: GTK4 build requires GTK >= 4.10
Solution: Update configure script and require at least GTK 4.10 version
(Yasuhiro Matsumoto).
The GTK4 GUI uses GtkFontDialog, GtkFileDialog and GtkAlertDialog,
all introduced in GTK 4.10. Without this bump, configure passes on
systems with older GTK4 (e.g. Debian Bookworm ships 4.8) and the
build fails later in gui_gtk4.c with unknown type / implicit
function declaration errors.
fixes: #20340
closes: #20360
Co-Authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Popup with opacity fades to black regardless of the colorscheme
or 'background' option. With a light colorscheme (or the
default with background=light), lower opacity values darken the
popup and it no longer matches the Normal background.
Solution: Compute fallback foreground and background colors from
guifg/guibg, ctermfg/ctermbg, or deduce from the 'background' option,
and use them in the popup blending paths instead of hardcoded
white/black (Shad).
closes: #20285
Signed-off-by: Shad <shadow.walker@free.fr>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: GTK4: window blank after a resize or drag
(Steven A. Falco)
Solution: In drawarea_resize_cb() keep the backing surface in sync with
the drawing area, preserving the old contents. Stop touching
the surface in gui_mch_set_text_area_pos().
Debounce gui_resize_shell() so it runs once the drag stream
settles and update_screen() can paint (Yasuhiro Matsumoto).
related: #20307
closes: #20327
Co-Authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: In a :def function, redeclaring an existing variable with a
type annotation (e.g. "var x: number = 1" used twice) reports
"E488: Trailing characters" instead of the expected
"E1017: Variable already declared".
Solution: Report E1017 when the redeclaration uses a "var", "final" or
"const" command; keep E488 only for a type specified in an
assignment that has no declaration keyword (Hirohito Higashi).
fixes: #20337
closes: #20341
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Vim9: ":endclass", ":endenum" and ":endinterface" can give a
"command cannot be shortened" error, because the full-name
check compares against the line start instead of the command
word.
Solution: Skip a leading colon and white space before checking the end
command name, update tests (Peter Kenny).
related: #20032
related: #20191
closes: #20253
Signed-off-by: Peter Kenny <github.com@k1w1.cyou>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: filetype: too many Bitbake include files are recognized
(Brahmajit Das, after v9.1.1732)
Solution: Tighten the pattern to detect BitBake include files, update
tests (Martin Schwan).
Be more strict when detecting BitBake inc files. In particular, only
match include keywords and variable assignments at the beginning of a
line (excluding whitespace).
Use non-capturing groups to slightly improve performance.
Use regex or-operators to exactly match BitBake assignment operators.
The previous expression would falsely match
    FOO .=. "bar"
which is not valid BitBake syntax. The new capturing group is more
specific and matches only valid assignments.
fixes: #20288
closes: #20335
Signed-off-by: Martin Schwan <m.schwan@phytec.de>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: A leading space in the result of a %{} item is sometimes
stripped, and an all-digit result is converted to a number.
Solution: Add %0{} atom which inserts the expression result verbatim
(glepnir)
fixes: #3898
closes: #20315
Signed-off-by: glepnir <glephunter@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: GTK4: mouse popup menu does not show up at mouse pointer,
Drawing area blanks while popover is open
(lilydjwg, after v9.2.0501)
Solution: Query the pointer position, make the popover parented to the
surrounding GtkOverlay and build it from buttons instead of a
GMenu model (Yasuhiro Matsumoto)
fixes: #20255
closes: #20260
Co-Authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: tests: Test_invalid_args() fails on GTK4 builds when
xterm_clipboard is not enabled
Solution: Add has('xterm_clipboard') check to the test, while at it,
also document the --display argument.
closes: #20318
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: tests: matchit plugin is not tested
Solution: Add test_plugin_matchit, improve b:match_words for the html
filetype plugin (Andrey Starodubtsev)
`b:match_words`, which contains the patterns used by the `matchit` plugin to find
a tag's counterpart, is fixed so that matching happens using the whole
tag, not just its first letter.
Also, it allows finding the matching tag when there are spaces or
attributes after the tag name.
fixes: chrisbra/matchit#51
closes: #20313
Signed-off-by: Andrey Starodubtsev <andrey.starodubtsev@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: After CTRL-R CTRL-P (or CTRL-R CTRL-O) pastes a register
into Insert mode, a follow-up edit such as backspace makes
stop_arrow() rewrite Insstart with the post-paste cursor
position. As a result the '[ mark points at the end of the
inserted text instead of its start (agguser, after 9.2.0384)
Solution: In stop_arrow(), only pull Insstart back when the cursor
moved above the previous Insstart, so a line-start backspace
can still save the joined range (#20031) without disturbing
the start position for inserts that advance the cursor
(Hirohito Higashi).
related: #20031
fixes: #20130
closes: #20322
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: GTK: preedit font size is wrong for fractional point sizes
Solution: Compute the font size as a double and round to the nearest
integer (Muraoka Taro).
closes: #20316
Co-authored-by: Christian Brabandt <cb@256bit.org>
Signed-off-by: Muraoka Taro <koron.kaoriya@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: After the current window changes, the vertical separator cell
on the WinBar row keeps its previous VertSplit / VertSplitNC
highlight. Content rows and status line rows of the same
window are refreshed correctly; only the WinBar row is left
behind, so the WinBar's separator no longer matches the
surrounding cells (Mao-Yining)
Solution: Include the WinBar row in draw_vsep_win() when redrawing
from the top of the window. When called with row == 0 the
loop now starts at wp->w_winrow (the WinBar row when present)
instead of W_WINROW(wp) (the content start), so the separator
highlight on the WinBar row is updated together with the rest
of the window (Hirohito Higashi).
fixes: #20304
closes: #20310
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: GTK4: clipboard read returns empty after a foreign app takes
the selection (lilydjwg, after v9.2.0501)
Solution: Skip the set_content call unless gdk_clipboard_is_local()
still says we own the clipboard (Yasuhiro Matsumoto).
clipboard_changed_cb calls clip_lose_selection() which cascades into
clip_mch_lose_selection(), and that unconditionally called
gdk_clipboard_set_content(clipboard, NULL). When the signal fires
because *another* app took the selection, this re-claims ownership
with NULL content, so the next gdk_clipboard_read_text_async() returns
empty and the user sees "Nothing in register *".
fixes: #20256
closes: #20261
Co-Authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: possible overflow in XIM resource handling
(Venukamatchi)
Solution: use vim_strncpy() with the buffer size
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Possible double free in fill_partial_and_closure()
(xuqing yang)
Solution: Let the caller handle the free()
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: missing out-of-memory check in ex_substitute()
Solution: Bail out in case of out-of-memory (John Marriott)
closes: #20308
Signed-off-by: John Marriott <basilisk@internode.on.net>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: spell: memory leak in spell_read_dic() (after 9.2.0524).
Solution: Free "pc" before breaking out of the loop (zeertzjq).
closes: #20309
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: spell: a word in a .dic file with many postponed prefix or
compound flags overflows the fixed-size store_afflist[MAXWLEN]
buffer in get_pfxlist() and get_compflags().
Solution: Add bounds checks (Yasuhiro Matsumoto).
closes: #20286
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: tests: no test for using shellescape() in combination with :!
Solution: Add a test that checks runtime files for using wrong
combination of shellescape() with ! ex command
This has led to a few security relevant issues, so add a test that
checks all runtime files for any ! followed by a shellescape() that does
not use the {special} arg.
related: Commit: 3fb5e58fbc (patch 9.2.0479:
[security]: runtime(tar): command injection in tar plugin)
closes: #20286
Supported by AI
Signed-off-by: Christian Brabandt <cb@256bit.org>