patch 9.0.2115: crash when callback function aborts because of recursiveness
Problem: crash when callback function aborts because of recursiveness
Solution: correctly initialize rettv
Initialize rettv in invoke_popup_callback()
Since v9.0.2030, call_callback may exit early when the callback recurses
too much. This meant that call_func, which would set rettv->v_type =
VAR_UNKNOWN, was not being called.
Without rettv->v_type being explicitly set, it still contained whatever
garbage was used to initialize the stack value in invoke_popup_callback.
This would lead to possible crashes when calling clear_tv(&rettv).
Rather than rely on action at a distance, explicitly initialize rettv's
type to VAR_UNKNOWN so clear_tv can tell nothing needs to be done.
closes: #13495
closes: #13545 Signed-off-by: James McCoy <jamessan@jamessan.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.0.2114: overflow detection not accurate when adding digits
Problem: overflow detection not accurate when adding digits
Solution: Use a helper function
Use a helper function to better detect overflows before adding integer
digits to a long or an integer variable respectively. Signal the
overflow to the caller function.
closes: #13539
Signed-off-by: Christian Brabandt <cb@256bit.org> Signed-off-by: Michael Henry <vim@drmikehenry.com> Signed-off-by: Ernie Rael <errael@raelity.com>
patch 9.0.2113: Coverity warns for another overflow in shift_line()
Problem: Coverity warns for another overflow in shift_line()
Solution: Test for INT_MAX after the if condition, cast integer values
to (long long) before multiplying.
Signed-off-by: Christian Brabandt <cb@256bit.org> Signed-off-by: Michael Henry <vim@drmikehenry.com> Signed-off-by: Ernie Rael <errael@raelity.com>
patch 9.0.2112: [security]: overflow in shift_line
Problem: [security]: overflow in shift_line
Solution: allow a max indent of INT_MAX
[security]: overflow in shift_line
When shifting lines in operator pending mode and using a very large
value, we may overflow the size of integer. Fix this by using a long
variable, testing if the result would be larger than INT_MAX and if so,
indent by INT_MAX value.
Special case: We cannot use long here, since on 32bit architectures (or
on Windows?), it typically cannot take larger values than a plain int,
so we have to use long long count, decide whether the resulting
multiplication of the shiftwidth value * amount is larger than INT_MAX
and if so, we will store INT_MAX as possible larges value in the long
long count variable.
Then we can safely cast it back to int when calling the functions to set
the indent (set_indent() or change_indent()). So this should be safe.
Add a test that when using a huge value in operator pending mode for
shifting, we will shift by INT_MAX
patch 9.0.2111: [security]: overflow in get_number
Problem: [security]: overflow in get_number
Solution: Return 0 when the count gets too large
[security]: overflow in get_number
When using the z= command, we may overflow the count with values larger
than MAX_INT. So verify that we do not overflow and in case when an
overflow is detected, simply return 0
patch 9.0.2108: [security]: overflow with count for :s command
Problem: [security]: overflow with count for :s command
Solution: Abort the :s command if the count is too large
If the count after the :s command is larger than what fits into a
(signed) long variable, abort with e_value_too_large.
Adds a test with INT_MAX as count and verify it correctly fails.
It seems the return value on Windows using mingw compiler wraps around,
so the initial test using :s/./b/9999999999999999999999999990 doesn't
fail there, since the count is wrapping around several times and finally
is no longer larger than 2147483647. So let's just use 2147483647 in the
test, which hopefully will always cause a failure
patch 9.0.2106: [security]: Use-after-free in win_close()
Problem: [security]: Use-after-free in win_close()
Solution: Check window is valid, before accessing it
If the current window structure is no longer valid (because a previous
autocommand has already freed this window), fail and return before
attempting to set win->w_closing variable.
rhysd [Tue, 14 Nov 2023 15:46:07 +0000 (16:46 +0100)]
patch 9.0.2104: wast filetype should be replaced by wat filetype
Problem: wast filetype should be replaced by wat filetype
Solution: start using the official wat filetype name
runtime: rename `wast` filetype to `wat` (Wasm text format)
The problem is the name of the current filetype wast. When the plugin
was initially created, the file extension for Wasm text format was not
fixed and .wast was more popular.
However, recently .wat became the official file extension for
WebAssembly text (WAT) format and .wast is now a file extension for the
unofficial WAST format, which is a superset of .wat for the convenience
to describe the Wasm specification conformance tests.
However for now, let's keep using the `wat` filetype even for the .wast
extension, so that we at least do not lose the filetype settings and
syntax highlighting. This can be adjusted later, if it turns out to have
a separate need for.
closes: #13533
Signed-off-by: rhysd <lin90162@yahoo.co.jp> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.0.2103: recursive callback may cause issues on some archs
Problem: recursive callback may cause issues on some archs
Solution: Decrease the limit drastically to 20
Recursive callback limit causes problems on some architectures
Since commit 47510f3d6598a1218958c03ed11337a43b73f48d we have a test
that causes a recursive popup callback function to be executed. However
it seems the current limit of 'maxfuncdepth' option value is still too
recursive for some 32bit architectures (e.g. 32bit ARM).
So instead of allowing a default limit of 100 (default value for
'maxfuncdepth'), let's reduce this limit to 20. I don't think there is a
use case where one would need such a high recursive callback limit and a
limit of 20 seems reasonable (although it is currently hard-coded).
Nir Lichtman [Sat, 11 Nov 2023 10:27:41 +0000 (11:27 +0100)]
patch 9.0.2099: win32: terminal codes clear the terminal
Problem: Terminal control codes¹ are sent even when silent
mode is on, causing the terminal to clear up
Solution: Block any terminal codes when silent mode is on
patch 9.0.2095: statusline may look different than expected
Problem: statusline may look different than expected
Solution: do not check for highlighting of stl and stlnc characters
statusline fillchar may be different than expected
If the highlighting group for the statusline for the current window
|hl-StatusLine| or the non-current window |hl-StatusLineNC| are cleared
(or do not differ from each other), than Vim will use the hard-coded
fallback values '^' (for the non-current windows) or '=' (for the
current window). I believe this was done, to make sure the statusline
will always be visible and be distinguishable from the rest of the
window.
However, this may be unexpected, if a user explicitly defined those
fillchar characters just to notice that those values are then not used
by Vim.
So, let's assume users know what they are doing and just always return
the configured stl and stlnc values. And if they want the statusline to
be non-distinguishable from the rest of the window space, so be it. It
is their responsibility and Vim shall not know better what to use.
Do not rely on the fact, that the last line matches warning, error,
inappropriate or unrecognized to determine if an error occurred. It
could also be a file, contains such a keyword.
So make the error detection slightly more strict and only assume an
error occured, if in addition to those 4 keywords, also a space matches
(this assumes the error message contains a space), which luckily on Unix
not many files match by default.
The whole if condition seems however slightly dubious. In case an error
happened, this would probably already be caught in the previous if
statement, since this checks for the return code of the tar program.
There may however be tar implementations, that do not set the exit code
for some kind of error (but print an error message)? But let's keep this
check for now, not many people have noticed this behaviour until now, so
it seems to work reasonably well anyhow.
related: #6425
fixes: #13489 Signed-off-by: Christian Brabandt <cb@256bit.org>
Sean Dewar [Sun, 5 Nov 2023 09:11:37 +0000 (09:11 +0000)]
runtime(dist): Make dist/vim.vim work properly when lacking vim9script support (#13487)
`:return` cannot be used outside of `:function` (or `:def`) in older Vims
lacking Vim9script support or in Neovim, even when evaluation is being skipped
in the dead `:else` branch.
Instead, use the pattern described in `:h vim9-mix`, which uses `:finish` to end
script processing before it reaches the vim9script stuff.
Signed-off-by: Sean Dewar <seandewar@users.noreply.github.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
D. Ben Knoble [Sat, 4 Nov 2023 09:11:17 +0000 (05:11 -0400)]
runtime(dist): centralize safe executable check and add vim library (#13413)
Follow up to 816fbcc26 (patch 9.0.1833: [security] runtime file fixes,
2023-08-31) and f7ac0ef50 (runtime: don't execute external commands when
loading ftplugins, 2023-09-06).
This puts the logic for safe executable checks in a single place, by introducing
a central vim library, so all filetypes benefit from consistency.
Notable changes:
- dist#vim because the (autoload) namespace for a new runtime support
library. Supporting functions should get documentation. It might make
life easier for NeoVim devs to make the documentation a new file
rather than cram it into existing files, though we may want
cross-references to it somewhere…
- The gzip and zip plugins need to be opted into by enabling execution
of those programs (or the global plugin_exec). This needs
documentation or discussion.
- This fixes a bug in the zig plugin: code setting s:tmp_cwd was removed
in f7ac0ef50 (runtime: don't execute external commands when loading
ftplugins, 2023-09-06), but the variable was still referenced. Since
the new function takes care of that automatically, the variable is no
longer needed.
Signed-off-by: D. Ben Knoble <ben.knoble+github@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.0.2090: complete_info() skips entries with 'noselect'
Problem: complete_info() skips entries with 'noselect'
Solution: Check, if first entry is at original text state
Unfortunately, Commit daef8c74375141974d61b85199b383017644978c
introduced a regression, that when ':set completeopt+=noselect' is set
and no completion item has been selected yet, it did not fill the
complete_info['items'] list.
This happened, because the current match item did not have the
CP_ORIGINAL_TEXT flag set and then the cp->prev pointer did point to the
original flag item, which caused the following while loop to not being
run but being skipped instead.
So when the 'noselect' is set, only start with to the previous selection
item, if the initial completion item has the CP_ORIGINAL_TEXT flag set,
else use the 2nd previous item instead.
GuyBrush [Sat, 4 Nov 2023 08:48:53 +0000 (09:48 +0100)]
patch 9.0.2089: sound_playfile() fails when using powershell
Problem: sound_playfile() fails when using powershell
Solution: quote filename using doublequotes, don't escape filename,
because it doesn't use the shell
Avoiding powershell escaping because mci open command doesn't support
single quoted filenames: open 'C:\whatever\sound.wav' is not valid.
closes: #13471
Signed-off-by: GuyBrush <miguel.barro@live.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Jiri Slaby [Sat, 4 Nov 2023 08:39:54 +0000 (09:39 +0100)]
runtime(script.vim): make strace ft check less strict (#13482)
Strace output, depending on parameters (-ttf this time), can dump both
times and pid:
1038 07:14:20.959262 execve("./e.py", ["./e.py"], 0x7ffca1422840 /* 51 vars */) = 0 <0.000150>
So loose the regexp matching this, so that the above is matched too.
Fixes #13481.
Co-authored-by: Jiri Slaby (SUSE) <jirislaby@kernel.org> Signed-off-by: Christian Brabandt <cb@256bit.org>
zeertzjq [Thu, 2 Nov 2023 20:01:19 +0000 (21:01 +0100)]
patch 9.0.2086: code cleanup for option callbacks needed
Problem: code cleanup for option callbacks needed
Solution: remove flag os_doskip, it's not necessary, as we can check,
whether an error message was returned
Remove unnecessary field os_doskip
Callback functions for boolean options set os_doskip immediately before
returning an error message, so os_doskip isn't actually needed.
closes: #13461
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Zdenek Dohnal [Thu, 2 Nov 2023 19:19:06 +0000 (20:19 +0100)]
patch 9.0.2083: Perl: xsubpp may be in non-standard location
Problem: Perl: xsubpp may be in non-standard location
Solution: Add --with-subpp configure option
configure.ac: Add --with-xsubpp configure option
Some environments (such as flatpaks) cannot count on xsubpp being
in the common Perl directory, so a configure option should be used for
clean solution.
closes: #13470
Signed-off-by: Zdenek Dohnal <zdohnal@redhat.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
James McCoy [Thu, 2 Nov 2023 19:05:38 +0000 (20:05 +0100)]
patch 9.0.2082: test_channel may fail because of IPv6 config issue
Problem: test_channel may fail because of IPv6 config issues
Solution: Catch and skip the test, if getaddrinfo() fails with
'Address family not supported'
Mark tests as skipped when ch_open encounters E901
On some of the Debian build systems, the IPv6 channel tests fail because
`ch_open('[::1]:<port>', ...)` raises the error "E901: getaddrinfo() in
channel_open(): Address family for hostname not supported".
This appears to happen because getaddrinfo() can't perform the reverse
lookup for the ::1, which is a config issue on that system. Therefore,
instead of reporting a test failure, mark the test as skipped due to the
bad network config
closes: #13473
Signed-off-by: James McCoy <jamessan@jamessan.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Luuk van Baal [Sat, 28 Oct 2023 19:43:31 +0000 (21:43 +0200)]
patch 9.0.2081: smoothscroll may result in wrong cursor position
Problem: With 'smoothscroll' set, "w_skipcol" is not reset when unsetting 'wrap'.
Resulting in incorrect calculation of the cursor position.
Solution: Reset "w_skipcol" when unsetting 'wrap'.
fixes: #12970
closes: #13439
Signed-off-by: Luuk van Baal <luukvbaal@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Completion menu may be wrong
Solution: Check for the original direction of the completion menu,
add more tests, make it work with 'noselect'
completion: move in right direction when filling completion_info()
When moving through the insert completion menu and switching directions,
we need to make sure we start at the correct position in the list and
move correctly forward/backwards through it, so that we do not skip
entries and the selected item points to the correct entry in the list
of completion entries generated by the completion_info() function.
The general case is this:
1) CTRL-X CTRL-N, we will traverse the list starting from
compl_first_match and then go forwards (using the cp->next pointer)
through the list (skipping the very first entry, which has the
CP_ORIGINAL_TEXT flag set (since that is the empty/non-selected entry
2) CTRL-X CTRL-P, we will traverse the list starting from
compl_first_match (which now points to the last entry). The previous
entry will have the CP_ORIGINAL_TEXT flag set, so we need to start
traversing the list from the second prev pointer.
There are in fact 2 special cases after starting the completion menu
with CTRL-X:
3) CTRL-N and then going backwards by pressing CTRL-P again.
compl_first_match will point to the same entry as in step 1 above,
but since compl_dir_foward() has been switched by pressing CTRL-P
to backwards we need to pretend to be in still in case 1 and still
traverse the list in forward direction using the cp_next pointer
4) CTRL-P and then going forwards by pressing CTRL-N again.
compl_first_match will point to the same entry as in step 2 above,
but since compl_dir_foward() has been switched by pressing CTRL-N
to forwards we need to pretend to be in still in case 2 and still
traverse the list in backward direction using the cp_prev pointer
For the 'noselect' case however, this is slightly different again. When
going backwards, we only need to go one cp_prev pointer back. And
resting of the direction works again slightly different. So we need to
take the noselect option into account when deciding in which direction
to iterate through the list of matches.
James McCoy [Thu, 26 Oct 2023 21:14:30 +0000 (17:14 -0400)]
runtime(debian): update debian related runtime files (#13423)
* Update Debian runtime files
Add mantic as a supported Ubuntu release and move buster/kinetic to
unsupported.
Add syntax highlighting for deb822sources filetype.
Add debsources ftplugin to set relevant comment options.
Move common version information to shared/debversions.vim
Closes #11934
Co-authored-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Co-authored-by: James Addison <jay@jp-hosting.net> Co-authored-by: Viktor Szépe <viktor@szepe.net> Signed-off-by: James McCoy <jamessan@jamessan.com>
* Add myself as codeowner for Debian-related runtime files
Signed-off-by: James McCoy <jamessan@jamessan.com>
---------
Signed-off-by: James McCoy <jamessan@jamessan.com> Co-authored-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Co-authored-by: James Addison <jay@jp-hosting.net> Co-authored-by: Viktor Szépe <viktor@szepe.net> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.0.2070: [security] disallow setting env in restricted mode
Problem: [security] disallow setting env in restricted mode
Solution: Setting environment variables in restricted mode could
potentially be used to execute shell commands. Disallow this.
restricted mode: disable allow setting of environment variables
Setting environment variables in restricted mode, may have some unwanted
consequences. So, for example by setting $GCONV_PATH in restricted mode
and then calling the iconv() function, one may be able to execute some
unwanted payload, because the `iconv_open()` function internally uses
the `$GCONV_PATH` variable to find its conversion data.
So let's disable setting environment variables, even so this is no
complete protection, since we are not clearing the existing environment.
I tried a few ways but wasn't successful :(
One could also argue to disable the iconv() function completely in
restricted mode, but who knows what other API functions can be
influenced by setting some other unrelated environment variables.
So let's leave it as it is currently.
David Leadbeater [Thu, 26 Oct 2023 20:00:34 +0000 (22:00 +0200)]
patch 9.0.2069: possible to escape bracketed paste mode with Ctrl-C
Problem: possible to escape bracketed paste mode with Ctrl-C
Solution: Do not handle Ctrl-C specially when key_protocol
is in use, makes bracketed paste mode more robust
When a key protocol is in use Ctrl-C will be sent as an escape sequence,
but a raw Ctrl-C can be sent when pasting data. Pass this through, so
that a Ctrl-C can be pasted and won't result in exiting insert mode
(where the rest of the pasted keys can cause all kind of nasty
side-effects).
Many terminals will strip control characters in paste data (and xterm
will strip ^C since version 388), but this provides some defense in
depth if users change settings like xterm's allowPasteControls.
closes: #13398
Signed-off-by: David Leadbeater <dgl@dgl.cx> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: [security] overflow in :history
Solution: Check that value fits into int
The get_list_range() function, used to parse numbers for the :history
and :clist command internally uses long variables to store the numbers.
However function arguments are integer pointers, which can then
overflow.
Check that the return value from the vim_str2nr() function is not larger
than INT_MAX and if yes, bail out with an error. I guess nobody uses a
cmdline/clist history that needs so many entries... (famous last words).
It is only a moderate vulnerability, so impact should be low.
Ken Takata [Wed, 25 Oct 2023 19:17:35 +0000 (21:17 +0200)]
patch 9.0.2067: xxd: coloring was disabled on Cygwin
Problem: xxd: coloring was disabled on Cygwin
Solution: don't include WIN32
xxd: Fix that color was disabled on Cygwin
"windows.h" was unintentionally included on Cygwin since 9.0.1834.
This accidentally disabled coloring on Cygwin.
Stop including "windows.h" on Cygwin.
closes: #13414
Signed-off-by: Christian Brabandt <cb@256bit.org> Co-authored-by: Ken Takata <kentkt@csc.jp>
Guido Cella [Mon, 23 Oct 2023 17:27:06 +0000 (19:27 +0200)]
patch 9.0.2063: pacman hooks are detected as conf filetype
Problem: pacman hooks are detected as conf filetype
Solution: make it consistent to pacman.conf and detect those
hooks as confini
Because confini has much better syntax highlighting than conf.
For reference, I identified pacman.conf and pacman hooks as dosini in
https://github.com/vim/vim/pull/6335, then
https://github.com/vim/vim/pull/10213 changed them to conf, then
https://github.com/vim/vim/pull/10518 changed pacman.conf to confini but
forgot to change hooks.
closes: #13399
Signed-off-by: Christian Brabandt <cb@256bit.org> Co-authored-by: Guido Cella <guido@guidocella.xyz>
Ernie Rael [Mon, 23 Oct 2023 17:08:38 +0000 (19:08 +0200)]
runtime(doc): small updates to the documentation for varargs
- update and correct the documentation for varargs for Vim9 and make
sure to mention that a <list> type is required.
- mention that 3match is used the matchparen plugin before 9.0.2054
(actually this is not correct, but before that patch, Vim used the
hardcoded id 3)
closes: #13403
closes: #13409
Signed-off-by: Christian Brabandt <cb@256bit.org> Co-authored-by: Ernie Rael <errael@raelity.com>
projects / thirdparty / vim.git / log
