patch 9.2.0311: redrawing logic with text properties can be improved
Problem: redrawing logic with text properties can be improved in
win_line()
Solution: Avoid repeated sorts, use stack storage for small
properties, pre-compute whether trailing virtual text follows
(Yasuhiro Matsumoto)
closes: #19880
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0310: unnecessary work in vim_strchr() and find_term_bykeys()
problem: unnecessary work in vim_strchr() and find_term_bykeys()
Solution: Redirect vim_strchr() to vim_strbyte() for ASCII input
Add an early exit to find_term_bykeys() using the terminal
leader table, mirroring check_termcode(). Reduces instruction
count on startup by about 27%. (Yasuhiro Matsumoto)
closes: #19902
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0307: more mismatches between return types and documentation
Problem: more mismatches between return types and documentation
Solution: Update documentation, fix return type for remote_foreground()
and test_mswin_event() (Hirohito Higashi)
Doc summary table fixes:
- ch_info: String -> Dict
- spellbadword: String -> List
- undotree: List -> Dict
- test_getvalue: any -> Number
- instanceof, popup_filter_menu, popup_filter_yesno: Number -> Bool
- remote_foreground: Number -> none
- test_mswin_event: bool -> Bool
Detail "Return type:" fixes:
- instanceof: Number -> vim9-boolean
- remote_foreground: Number -> void
- popup_filter_menu, popup_filter_yesno: Number -> vim9-boolean
related: #19922
closes: #19923
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0306: runtime(tar): some issues with lz4 support
Problem: runtime(tar): some issues with lz4 support
Solution: Fix bugs (see below) (Aaron Burrow)
The tar plugin allows users to extract files from tar archives that are
compressed with lz4. But, tar#Extract() builds malformed extraction commands
for lz4-compressed tar archives. This commit fixes three issues in that code.
The first affects archives with a .tlz4 extension and the other two affect
archives with .tar.lz4 extension (but one of these is symmetric to the issue
that .tlz4 archives had).
(1) When trying to extract .tlz4 archives the command created by
tar#Extract looked like this:
tar -I lz4pxf foo.tlz4 foo
This isn't right. It should be something like this:
tar -I lz4 -pxf foo.tlz4 foo
This was happening because tar.plugin is just substituting on the
first - in "tar -pxf". This works fine if we just add a simple flag for
extraction (eg, z for .tgz), but for lz4 we need to add "-I lz4".
I don't believe that there is an obvious good way to fix this without
reworking the way the command is generated. Probably we should collect
the command and flags separately and the flags should be stored in a
set. Then put everything together into a string just before issuing it
as an extraction command. Unfortunately, this might break things for users
because they have access to tar_extractcmd.
This patch just makes the substitution a little bit more clever so that it
does the right thing when substituting on a string like "tar -pxf".
(2) .tar.lz4 extractions had the same issue, which my patch fixes in
the same way.
(3) .tar.lz4 extractions had another issue. There was a space missing
in the command generated by tar#Extract. This meant that commands
looked like this (notice the lack of space between the archive and output
file names):
tar -I lz4pxf foo.tar.lz4foo
This patch just puts a space where it should be.
Finally, I should note that ChatGPT 5.4 initially identified this issue
in the code and generated the test cases. I reviewed the test cases,
wrote the patch, and actually ran vim against the tests (both with and
without the patch).
closes: #19925
Signed-off-by: Aaron Burrow <burrows@fastmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
runtime(vim9): Fix dist#vim9#Open() spaced paths and SIGPIPE crashes
Problem: dist#vim9#Open() fails to open files with spaces on Linux
because Launch() splits the command string. Also,
background GUI viewers (e.g., xdg-open) crash with SIGPIPE
when Vim destroys the default job_start() IO pipes.
Solution: Use job_start() with 'sh -c' to let the POSIX shell parse
the shellescaped quotes safely. Set 'in_io', 'out_io', and
'err_io' to 'null' to completely detach the background
process and prevent pipe crashes. Unify the Launch()
execution block across all operating systems.
closes: #19928
fixes: #19916
Signed-off-by: Furkan Sahin <furkan-dev@proton.me> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0305: mismatch between return types and documentation
Problem: mismatch between return types and documentation
Solution: Fix documentation, update f_err_teapot() return type to void
(Hirohito Higashi)
- Fix summary table in builtin.txt: feedkeys, foreground, setcharsearch,
term_wait, test_void, wildtrigger, ch_sendraw from non-none to none;
listener_remove and prop_add from none to Number
- Fix err_teapot in evalfunc.c: ret_number_bool to ret_void
- Fix "Return type:" in detailed doc sections (64 functions across builtin.txt,
channel.txt, terminal.txt, popup.txt, testing.txt, textprop.txt) from wrong
types to void
- Add missing "Return type: void" for prompt_setcallback and prop_add_list
closes: #19922
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0304: tests: test for 9.2.0285 doesn't always fail without the fix
Problem: When the terminal is very large, test for 9.2.0285 doesn't
trigger an ASAN error without the fix.
Solution: Use a window with fixed height (zeertzjq)
closes: #19924
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0303: tests: zip plugin tests don't check for warning message properly
Problem: zip plugin tests may match messages from previous test cases
when checking for warning message.
Solution: Clear messages at the start of these tests (zeertzjq).
closes: #19926
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: runtime(netrw): RFC2396 decoding double escaping spaces
(lilydjwg, after 3e60f03d942d6bb0f7eac)
Solution: Remove escape() call, since we are using fnameescape() anyhow
patch 9.2.0301: Vim9: void function return value inconsistent
Problem: Vim9: void function return value inconsistent between
script and :def
Solution: Make void built-in functions like bufload() return void
consistently (Hirohito Higashi)
In Vim9 script, calling a void built-in function (e.g. bufload()) at the
script level did not set rettv to VAR_VOID, making it appear to return
0. Inside :def it correctly returned VAR_VOID and raised E1031. Set
rettv to VAR_VOID after calling a ret_void built-in function in Vim9
script so the behavior is consistent.
Also fix the documentation for bufload() and ch_logfile() to correctly
state that the return type is void.
patch 9.2.0300: The vimball plugin needs some love
Problem: The vimball plugin needs some love
(syndicate)
Solution: Clean-up, refactor and update the plugin,
in particular, catch path traversal attacks
This change does the following
- Clean up Indentation and remove calls to Decho
- Increase minimum Vim version to 7.4 for mkdir()
- Use mkdir() consistently
- Update Metadata Header
- Remove check for fnameescape()
- Catch path traversal attacks
- Add vimball basic tests
- Remove mentioning of g:vimball_mkdir in documentation
patch 9.2.0299: runtime(zip): may write using absolute paths
Problem: runtime(zip): may write using absolute paths
(syndicate)
Solution: Detect this case and abort on Unix, warn in the documentation
about possible issues
patch 9.2.0296: Redundant and incorrect integer pointer casts in drawline.c
Problem: Currently `colnr_T` and `int` and the same type, so casting
`int *` to `colnr_T *` is redundant. Additionally, even if
they are changed to different types in the future, these casts
are incorrect as they won't work on big-endian platforms.
Solution: Remove the casts. Also fix two cases of passing false instead
of 0 to an integer argument (zeertzjq).
related: #19672
closes: #19907
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0295: 'showcmd' shows wrong Visual block size with 'linebreak'
Problem: 'showcmd' shows wrong Visual block size with 'linebreak' after
end char (after 7.4.467).
Solution: Exclude 'linebreak' from end position. Also fix confusing test
function names.
closes: #19908
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0294: if_lua: lua interface does not work with lua 5.5
Problem: if_lua: lua interface does not work with lua 5.5
(Lyderic Landry)
Solution: Use the new lua API `luaL_openselectedlibs()`
(Yee Cheng Chin)
Lua 5.5 removed the API function `openlibs` with `openselectedlibs`,
with `luaL_openlibs` replaced by a macro that just calls the new
`luaL_openselectedlibs` in the headers (see lua/lua@d738c8d18). This
broke Vim's dynamic Lua build as we try to redefine `luaL_openlibs`
ourselves and also this function can no longer be loaded from the lib.
Update the code to use the new API call instead to fix the issue.
fixes: #19814
closes: #19842
closes: #19909
Signed-off-by: Yee Cheng Chin <ychin.git@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0293: :packadd may lead to heap-buffer-overflow
Problem: :packadd may lead to heap-buffer-overflow when all entries in
'runtimepath' have the same length (after 9.2.0291).
Solution: Check for comma after current entry properly (zeertzjq).
related: #19854
closes: #19911
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0292: E340 internal error when using method call on void value
Problem: E340 internal error when using method call on void value
(Peter Kenny)
Solution: Check for void value (Hirohito Higashi)
Using a method call on a void return value (e.g. "echo F()->empty()"
where F() returns void) caused an internal error E340. Now it properly
reports E1031 or E1186 depending on the context.
Changes:
- eval.c: check for void value before -> method call at runtime
- vim9expr.c: check for void type before -> method call at compile time
- vim9execute.c: check for void value in builtin function arguments and in
ISN_STORE
fixes: #19897
closes: #19912
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
John Marriott [Fri, 3 Apr 2026 15:08:48 +0000 (15:08 +0000)]
patch 9.2.0291: too many strlen() calls
Problem: too many strlen() calls
Solution: refactor concat_fname() and remove calls to strlen()
(John Marriott)
Function `concat_fnames()` can make up to 5 calls to `STRLEN()` (either
directly or indirectly via `STRCAT()`). In many cases the lengths of
arguments `fname1` and/or `fname2` are either known or can simply be
calculated.
This Commit refactors this function to accept the lengths of arguments
`fname1` and `fname2` as arguments. It also adds new argument `ret` to
return the resulting string as a `string_T`.
Additionally:
- function `add_pack_dir_to_rtp()` in `scriptfile.c`:
Use a `string_T` to store local variables `new_rtp` and `afterdir`.
Replace calls to `STRCAT()` with calls to `STRCPY()`.
Change type of variable `keep` to `size_t` for consistency with
other lengths.
- function `qf_get_fnum()` in `quickfix.c`:
Use a `string_T` to store local variables `ptr` and `bufname`
- function `qf_push_dir()` in `quickfix.c`:
Use a `string_T` to store local variable `dirname`.
Replace call to `vim_strsave()` with `vim_strnsave()`.
- function `qf_guess_filepath()` in `quickfix.c`:
Use a `string_T` to store local variable `fullname`.
- function `make_percent_swname()` in `memline.c`:
Rename some variables to better reflect their use.
Use a `string_T` to store local variables `d` and `fixed_name`.
Slightly refactor to remove need to create an extra string.
- function `get_file_in_dir()` in `memline.c`:
Use a `string_T` to store local variables `tail` and `retval`.
Move some variables closer to where they are used.
- function `cs_resolve_file()` in `if_cscope.c`:
Use a `string_T` to store local variable `csdir`.
Remove one call to `STRLEN()`.
- function `add_pathsep()` in `filepath.c`:
Refactor and remove 1 call to `STRLEN()`
- function `set_init_xdg_rtp()` in `option.c`:
Use a `string_T` to store local variable `vimrc_xdg`.
closes: #19854
Co-authored-by: Christian Brabandt <cb@256bit.org> Signed-off-by: John Marriott <basilisk@internode.on.net> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Amiga: no support for AmigaOS 3.x
Solution: Add support for building Vim on classic AmigaOS 3.x with the
bebbo cross-compiler and libnix (-noixemul) runtime
(Duncan Bowring).
The existing Make_ami.mak targets AmigaOS 4 (clib2), AROS, and MorphOS.
This patch adds a fourth target for classic 68k AmigaOS 3.x systems
(A1200, A4000, accelerated A500/A2000) using:
```
make -f Make_ami.mak UNM=AmigaOS3 BUILD=normal
```
Changes:
os_amiga.c:
- Add 256 KiB __stack cookie for OS3 (conservative for limited RAM)
- Add safe_Lock() wrapper to suppress "Please insert volume" system
requesters during path probing (benefits all Amiga targets)
- Suppress system requesters globally in mch_init() via pr_WindowPtr=-1
(Vim probes many paths at startup; Lock()/Open() on non-existent
volume names triggers blocking system requesters)
- Fix mch_get_host_name() for OS3 (libnix has no gethostname)
- Fix Delay() prototype for non-LATTICE compilers
- Fix nilfh file handle leak on error exit in mch_check_win()
os_amiga.h:
- Add fchown/fchmod/ftruncate no-op stubs for OS3/libnix
os_amiga_stubs.c (new):
- IM function stubs (referenced by optiondefs.h, no X11 on Amiga)
- mch_rmdir() via AmigaDOS DeleteFile()
- getpwuid()/getgrgid()/getuid() stubs (single-user system)
Make_ami.mak:
- Add AmigaOS3 target with -noixemul, -std=gnu99, -DWORDS_BIGENDIAN
blowfish.c:
- Accept WORDS_BIGENDIAN or AMIGA without requiring HAVE_CONFIG_H
xdiff/xmacros.h:
- Make SIZE_MAX fallback unconditional (not just hpux/VMS)
All OS3-specific changes are guarded by:
#if defined(__GNUC__) && defined(AMIGA) && !defined(__amigaos4__)
Tested on FS-UAE with Workbench 3.1: 23 automated tests passing.
Binary size: 2.2 MiB with -Os -m68020 -DFEAT_NORMAL.
This is the first modern Vim build for classic 68k AmigaOS since
Vim 5.8 circa 1998. Vim was originally released on the Amiga
(Fred Fish Disk 591, 1991).
closes: #19840
Signed-off-by: Duncan Bowring <duncan@bowring.us> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0289: 'linebreak' may lead to wrong Visual block highlighting
Problem: 'linebreak' may lead to wrong Visual block highlighting when
end char occupies multiple cells (after 7.4.467).
Solution: Exclude 'linebreak' from the ending column instead of setting
'virtualedit' temporarily (zeertzjq).
fixes: #19898
closes: #19900
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
runtime(doc): adjust :h 'autowrite' and :h 'autowriteall'
- Don't go over 78 columns.
- Change the first "and" to "or", as "or" is used below.
- Change "takes one" to "switches", as "one" may be mistaken as
referring to the command instead of the user.
- Use backticks in :h 'autowriteall' like in :h 'autowrite'.
closes: #19859
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0288: libvterm: signed integer overflow parsing long CSI args
Problem: Accumulating CSI argument digits without an upper bound causes
signed integer overflow when the argument exceeds LONG_MAX.
Solution: Clamp CSI argument accumulation to CSI_ARG_MISSING to prevent
signed integer overflow (Yasuhiro Matsumoto).
closes: #19894
Co-authored-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0286: still some unnecessary (int) casts in alloc()
Problem: still some unnecessary (int) casts in alloc()
Solution: Remove more unnecessary (int) casts before alloc() calls
(Yasuhiro Matsumoto).
Follow-up to patch 9.2.0283. Remove remaining (int) casts in
vim9script.c and netbeans.c.
vim9script.c: lengths are derived from STRLEN() on file paths,
bounded by PATH_MAX. netbeans.c: all operands are already int,
so the (int) cast is redundant and no truncation can occur.
related: #19888
closes: #19893
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0285: :syn sync grouphere may go beyond end of line
Problem: :syn sync grouphere may go beyond end of line.
Solution: Start searching for the end of region at the end of match
instead of a possibly invalid position (zeertzjq).
closes: #19896
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0284: tabpanel: crash when tabpanel expression returns variable line count
Problem: When a tabpanel expression returns a different number of lines on
successive evaluations, the computed row offset can become negative,
causing screen_fill() to receive an invalid start_row and crash
(after v9.1.1391).
Solution: Clamp the row argument in screen_fill_tailing_area() to zero,
add a safety check in screen_fill() for negative start_row
(Michał Majchrowicz)
Supported by AI
Co-authored-by: Michał Majchrowicz <mmajchrowicz@afine.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
runtime(sh): Keep function name patterns engine neutral
Request less backtracking to function-name candidates for
nonlinear patterns with any regexp engine BUT force using
the old engine with these patterns to avoid incurring an
additional penalty, according to ":syntime report", when the
new regexp engine is preferred.
fixes: #19847
closes: #19849
Signed-off-by: Aliaksei Budavei <0x000c70@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
runtime(doc): clarify term_start() I/O behavior for Unix pty and MS-Windows ConPTY
Explain how stdin/stdout/stderr are connected in term_start():
- On Unix, they default to pty; only "err_cb" switches stderr to a pipe,
which may cause output order differences due to buffering.
- On MS-Windows with ConPTY, they are always pipes and stdout/stderr
share the same pipe, so "err_cb" cannot separate them.
Test_viminfo_len_overflow tries to allocate ~4GB, which may throw E342
(out of memory) depending on the platform's memory allocation behavior.
This is an acceptable outcome since the test's purpose is to verify
that Vim does not crash on a crafted viminfo entry.
closes: #19891
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0281: tests: Test_netrw_FileUrlEdit.. fails on Windows
Problem: tests: Test_netrw_FileUrlEdit.. fails on Windows
(after 3e60f03d942d6bb0f7)
Solution: Skip the test on Windows (Yasuhiro Matsumoto).
The Test_netrw_FileUrlEdit_pipe_injection() test fails on Windows with
E303 because '|' is not a valid filename character on Windows. Since
the pipe character cannot appear in a Windows filename, the command
injection vector this test guards against does not apply on Windows.
closes: #19890
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0279: terminal: out-of-bounds write with overlong CSI argument list
Problem: libvterm CSI parser does not bounds-check argi against
CSI_ARGS_MAX, allowing excess ';'-separated arguments to
write past the end of the args array (sentinel404).
Solution: Drop excess arguments.
patch 9.2.0278: viminfo: heap buffer overflow when reading viminfo file
Problem: Reading a crafted viminfo file can cause a heap buffer
overflow because the length value from getdigits() is cast to
int, truncating large size_t values
Solution: Remove the (int) cast when calling alloc() (sentinel404)
Problem: tests: test_modeline.vim fails (after v9.2.0276)
Solution: Rewrite the tests to use the existing s:modeline_fails()
function, update documentation (zeertzjq).
Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: modeline security bypass
Solution: disallow mapset() from secure mode, set the P_MLE flag for the
'complete', 'guitabtooltip' and 'printheader' options.
patch 9.2.0274: BSU/ESU are output directly to the terminal
Problem: BSU/ESU are output directly to the terminal
Solution: Route them through out_buf() and flush the output directly,
increase the OUT_SIZE terminal buffer (Yasuhiro Matsumoto)
Route synchronized-output control sequences through out_buf and flush
explicitly at protocol boundaries, instead of forcing BSU/ESU through
ui_write() directly.
Also increase the terminal output buffer from 2047 to 8191 bytes so
large redraws are emitted in fewer writes.
The important guarantee here is terminal-visible ordering: BSU must
reach the terminal before the batched redraw bytes, ESU must reach the
terminal after them, and FLUSH must emit ESU and BSU together, then
flush immediately.
Benchmark: PTY redraw workload with TERM=xterm-256color, long wrapped
lines, cursorline, listchars, horizontal scrolling, and repeated redraw!.
write syscalls: 8514 -> 5094 (-40.2%)
wall time: 0.568s -> 0.495s (-12.9%) on valid runs in this environment
closes: #19862
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline
Problem: 'tabpanel' can be set in a modeline
Solution: Set the P_MLE flag for the 'tabpanel' option, disable
autocmd_add()/autocomd_delete() functions in restricted/secure
mode.
Paul Ollis [Sun, 29 Mar 2026 14:21:11 +0000 (14:21 +0000)]
patch 9.2.0270: test: trailing spaces used in tests
Problem: test: trailing spaces used in tests
Solution: Rewrite tests to avoid trailing spaces (Paul Ollis).
Some tests currently rely on trailing whitespace at the end of lines,
escaped with '\'. I have demonstrated in another PR, such spaces can be
inadvertently removed and this is difficult to spot.
Note: there are more trailing spaces in a few more test files, see
testdir/test_codestyle.vim. Those are not yet removed.
closes: #19838
Signed-off-by: Paul Ollis <paul@cleversheep.org> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0266: typeahead buffer overflow during mouse drag event
Problem: typeahead buffer overflow during mouse drag event
Solution: Change the guard from 5 to 10 to account for the worst case
(Yasuhiro Matsumoto).
The typeahead buffer guard in mch_inchar() only reserved 5 bytes per
iteration, but a mouse event writes up to 7 bytes (3 header + 4
coordinates) and a scroll event with modifiers writes up to 10 bytes
(3 modifier + 3 scroll + 4 coordinates). During fast mouse dragging,
3+ events could queue up and overflow the 20-byte buffer, corrupting
adjacent static variables and causing garbage bytes (including Ctrl-Z)
to be fed into the input stream, which triggered nv_suspend/ex_stop.
closes: #19851
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
thinca [Sat, 28 Mar 2026 10:07:27 +0000 (10:07 +0000)]
patch 9.2.0265: unnecessary restrictions for defining dictionary function names
Problem: unnecessary restrictions for defining dictionary function
names
Solution: Allow defining dict function with bracket key that is not a
valid identifier (thinca)
In Vim script, "function obj.func()" and "function obj['func']()" both
define a dictionary function. However, the bracket form required the
key to match function naming rules (eval_isnamec), so
"function obj['foo-bar']()" failed with E475.
Assigning and calling already work: "let obj['foo-bar'] = obj.func"
and "call obj['foo-bar']()" are valid. Only the definition was
incorrectly restricted.
Skip the identifier check when the name comes from fd_newkey (i.e. the
key was given in bracket notation). Dictionary keys may be any string.
patch 9.2.0263: hlset() cannot handle attributes with spaces
Problem: hlset() cannot handle attributes with spaces
Solution: Handle attributes with spaces by quoting those
(Yasuhiro Matsumoto).
hlset(hlget('Normal')) fails with E416 when a highlight attribute value
contains spaces (e.g. font name "Monospace 10"). hlg_add_or_update()
builds a string like "font=Monospace 10" and passes it to do_highlight(),
whose parser splits on whitespace and treats "10" as a separate key
without "=".
Fix by quoting values with single quotes (e.g. font='Monospace 10')
when the value contains spaces and the attribute is a key=value pair.
do_highlight() already supports single-quoted values.
closes: #19843
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Pierluigi Lenoci [Fri, 27 Mar 2026 15:49:27 +0000 (15:49 +0000)]
patch 9.2.0262: invalid lnum when pasting text copied blockwise
Problem: invalid lnum when pasting text copied blockwise
(KillTheMule)
Solution: Subtract nr_lines from curwin->w_cursor.lnum when calling
changed_lines() in do_put() (Pierluigi Lenoci)
When doing a blockwise paste beyond the end of the buffer, new lines are
appended and nr_lines is incremented accordingly. However, the
changed_lines() call used curwin->w_cursor.lnum as the "lnume" argument
(the first line below the changed lines BEFORE the change), which is
incorrect because the cursor has already been moved past the newly
appended lines.
Fix by subtracting nr_lines from curwin->w_cursor.lnum, so that lnume
correctly reflects the state before the change, as documented in
changed_lines().
Add a listener test to verify the correct values are reported.
Port of neovim/neovim#12733.
fixes: #6660
closes: #19844
Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: terminal: redraws are slow (Mao-Yining)
Solution: Disable redrawing in handle_movecursor()
(Yasuhiro Matsumoto)
handle_movecursor callback was calling update_cursor() with redraw=TRUE
on every cursor move inside vterm_input_write(). This triggered
gui_mch_flush() (GdiFlush + DWriteContext_Flush) and TextChangedT
autocmd for each cursor move. ConPTY output contains ~17 cursor moves
per 4KB chunk, each flush taking ~5ms, resulting in 80-110ms per chunk.
Fix by passing FALSE to update_cursor() in handle_movecursor since
write_to_term() already calls update_cursor() with proper redraw after
vterm_input_write() finishes.
Also set vterm_screen_set_damage_merge() to VTERM_DAMAGE_SCROLL so that
damage callbacks are buffered until vterm_screen_flush_damage() instead
of being emitted per cell.
fixes: #19845
closes: #19846
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0260: statusline not redrawn after closing a popup window
Problem: When a popup window overlapping a status line is closed or
hidden, the status line is not redrawn, leaving ghost
artifacts from the popup.
Solution: popup_free() and popup_hide() call
redraw_all_later(UPD_NOT_VALID) which marks window contents
for redraw but does not set w_redr_status. The diff-based path
in may_update_popup_mask() that normally sets w_redr_status
is skipped when redrawing_all_win is TRUE. Add status_redraw_all
calls to ensure status lines are properly redrawn
(Yasuhiro Matsumoto).
closes: #19830
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0259: tabpanel: corrupted display during scrolling causing flicker
Problem: tabpanel: corrupted tabpanel during scrolling causing flicker
Solution: When the tabpanel is visible, force a line-by-line redraw in
win_do_lines() similarly to popup handling (Yasuhiro Matsumoto).
When a vertical tabpanel is visible, terminal scroll operations in
win_do_lines() affect the full screen width, corrupting the tabpanel
area. The tabpanel is then redrawn via redraw_tabpanel, causing visible
flicker. Return FAIL to force line-by-line redraw instead, analogous to
the existing popup_visible check.
closes: #19832
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Shane Harper [Thu, 26 Mar 2026 20:46:52 +0000 (20:46 +0000)]
patch 9.2.0257: unnecessary memory allocation in set_callback()
Problem: Unnecessary memory allocation in set_callback(); after
set_callback(), callers must manually free the source
callback's name if cb_free_name is set.
Solution: Refactor set_callback() to re-use the callback name when
possible to avoid extra memory allocations and clean up so the
callers do not have to take care themselves (Shane Harper).
closes: #19831
Signed-off-by: Shane Harper <shane@shaneharper.net> Signed-off-by: Christian Brabandt <cb@256bit.org>
zeertzjq [Thu, 26 Mar 2026 20:38:39 +0000 (20:38 +0000)]
patch 9.2.0256: visual selection size not shown in showcmd during test
Problem: The visual selection size is not displayed in the showcmd area
when entering visual mode from a script or mapping, because
char_avail() incorrectly reports input as pending. This causes
test failure on CI with the ASAN CI runner.
Solution: Replace char_avail() with explicit checks for an empty stuff
buffer, empty typeahead buffer, and not running a script
(zeertzjq).
related: #19801
closes: #19824
Co-authored-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0255: tests: Test_popup_opacity_vsplit() fails in a wide terminal
Problem: tests: Test_popup_opacity_vsplit() fails in a wide terminal
(after v9.2.0230)
Solution: Reduce terminal window size to 60, force termguicolors to make
the opacity visible; enable termguicolors so that the opacity
is visually apparent in the screen dump.
Sean Dewar [Thu, 26 Mar 2026 20:21:46 +0000 (20:21 +0000)]
patch 9.2.0254: w_locked can be bypassed when setting recursively
Problem: w_locked can be bypassed when recursively set if not restored
to its prior value.
Solution: Rather than save/restore everywhere, just make it a count,
like other locks (Sean Dewar)
Requires the previous commit, otherwise b_nwindows will be wrong in
tests, which causes a bunch of weird failures.
closes: #19728
Signed-off-by: Sean Dewar <6256228+seandewar@users.noreply.github.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Sean Dewar [Thu, 26 Mar 2026 20:16:09 +0000 (20:16 +0000)]
patch 9.2.0253: various issues with wrong b_nwindows after closing buffers
Problem: close_buffer() callers incorrectly handle b_nwindows,
especially after nasty autocmds, allowing it to go
out-of-sync. May lead to buffers that can't be unloaded, or
buffers that are prematurely freed whilst displayed.
Solution: Modify close_buffer() and review its callers; let them
decrement b_nwindows if it didn't unload the buffer. Remove
some now unneeded workarounds like 8.2.2354, 9.1.0143,
9.1.0764, which didn't always work (Sean Dewar)
close_buffer() now doesn't decrement b_nwindows when not unloading buf, or when
buf isn't w_buffer after autocmds (they would've already decremented it).
Callers are now expected to decrement b_nwindows if w_buffer is not NULL after
close_buffer(), and when still intending to switch buffers or close win, for two
reasons:
- close_buffer() autocmds may have switched buffers. The new w_buffer's
b_nwindows would also need decrementing.
- After close_buffer(), callers may opt to not switch w_buffer or close win.
b_nwindows would need to be incremented again. (unless w_buffer is NULL from
being unloaded; callers are already forced to find a new buffer then)
These were the main causes of b_nwindows bugs, as these cases could not be
reliably detected, and went largely unhandled.
NOTE: if close_buffer() autocmds switch buffers, close_buffer() is not called
for that new buffer before decrementing b_nwindows. This may skip side-effects
like from 'bufhidden', but I think it's mostly harmless, and was already
happening in other places.
Let's see how this goes... Other details: (I have lots to say!)
It's OK to pass a win to close_buffer() that isn't showing buf (used by
set_curbuf()). In that case, we skip some side-effects and don't decrement
b_nwindows, but may still unload buf if hidden.
buf_freeall() now returns whether it freed anything. Removes some repeated
checks in close_buffer().
Preserve close_buffer()'s behaviour when called by win_free_popup() after its
popup was already removed from the window list. This made win_valid_any_tab()
return FALSE, so we skip things that originally checked it in that case.
Add "set_context" to close_buffer() to preserve do_ecmd()'s behaviour of only
setting b_last_cursor and/or calling buflist_setfpos() when not splitting
(see 7.2.041: https://groups.google.com/g/vim_dev/c/ZGgNvaylNzI/m/WHxjhnuxqB0J)
Without this, Test_marks_cmd() fails from its ' mark differing. Don't use
oldwin though; it's not always the window with the closed buf, especially
after BufLeave autocmds in do_ecmd(). Also, only set context if win is really
displaying buf.
Don't bail in do_ecmd() if buf was deleted but curwin->w_buffer is NULL; that
leaves curwin open to a NULL buffer! Use lastbuf instead, like set_curbuf().
I don't think it's possible for buf to be deleted by close_buffer() anyway, as
b_locked was set (which I can't see a way to bypass, unlike b_locked_split).
Maybe such checks can be removed, but I'd rather not risk that here.
Don't set curwin to previouswin in set_curbuf(); shouldn't be needed, otherwise
may lead to curbuf != curwin->w_buffer if autocmds switch to a window showing
buf, as that skips enter_buffer()? Was introduced back in 7.3.557 to avoid
cases where autocmds switch windows, possibly leaving previouswin with a NULL
buffer. Since 7.4.2312 and 7.4.2328, close_buffer() and buf_freeall() already
handles this. I've added an assert() as a sanity check anyway.
In free_all_mem(), set b_nwindows to 0 before close_buffer() so buffers can be
wiped if still in a window before win_free_all(). Needed as close_buffer() now
skips unloading buffers that aren't hidden if win is NULL. If it's possible for
free_all_mem()'s :tabonly! and :only! to not close all windows before freeing,
then this issue was also previously possible if b_nwindows > 1.
related: #19728
Signed-off-by: Sean Dewar <6256228+seandewar@users.noreply.github.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Sean Dewar [Thu, 26 Mar 2026 20:05:31 +0000 (20:05 +0000)]
patch 9.2.0252: Crash when ending Visual mode after curbuf was unloaded
Problem: if close_buffer() in set_curbuf() unloads curbuf, NULL pointer
accesses may occur from enter_buffer() calling
end_visual_mode(), as curbuf is already abandoned and possibly
unloaded. Also, selection registers may not contain the
selection with clipboard+=autoselect(plus).
Solution: Move close_buffer()'s end_visual_mode() call to buf_freeall(), after
any autocmds that may restart it, but just before freeing anything
(Sean Dewar)
related: #19728
Signed-off-by: Sean Dewar <6256228+seandewar@users.noreply.github.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0251: Link error when building without channel feature
Problem: Compile error when building without channel feature
(John Marriott, after v9.2.0250)
Solution: Update ifdefs and move implementation out of FEAT_JOB_CHANNEL
(Yasuhiro Matsumoto)
Move build_argv_from_list() and mch_get_cmd_output_direct() out of
FEAT_JOB_CHANNEL guards so that system() with a List argument works
in builds that have FEAT_EVAL but not FEAT_JOB_CHANNEL (e.g.
FEAT_NORMAL without GUI).
related: #19791
closes: #19826
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0250: system() does not support bypassing the shell
Problem: system() and systemlist() only accept a String, requiring
manual shell escaping for arguments with special characters.
Solution: Accept a List as the first argument and execute the command
bypassing the shell (Yasuhiro Matsumoto).
fixes: #19789
closes: #19791
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
patch 9.2.0248: json_decode() is not strict enough
Problem: json_decode() accepted keywords case-insensitively, violating
RFC 7159. Both json_decode() and js_decode() silently accepted
lone surrogates, which are invalid Unicode.
Solution: Only allow lowercase keyword in json_decode(), reject lone
surrogates, improve encoding performance in write_string() and
blob byte serialization.
1. Fix surrogate pair range check (0xDFFF -> 0xDBFF) so only high
surrogates trigger pair decoding. Reject lone surrogates that do
not form a valid pair instead of producing invalid UTF-8.
2. Use case-sensitive matching for JSON keywords (true, false, null,
NaN, Infinity) in json_decode() per RFC 7159. js_decode() retains
case-insensitive behavior.
3. Replace double ga_append() calls for escape sequences with single
GA_CONCAT_LITERAL() calls, halving function call and buffer growth
check overhead.
4. Replace vim_snprintf_safelen() for blob byte encoding (0-255) with
direct digit conversion.
closes: #19807
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Hirohito Higashi [Wed, 25 Mar 2026 20:12:28 +0000 (20:12 +0000)]
patch 9.2.0247: popup: popups may not wrap as expected
Problem: popup: popups may not wrap as expected
(Enrico Maria De Angelis, after v9.1.0949)
Solution: don't shift popupwin left when 'wrap' is on and maxwidth is
set (Hirohito Higashi)
When a non-fixed popup with 'wrap' enabled and an explicit maxwidth was
placed near the right edge of the screen, the shift-left logic increased
maxwidth beyond the user-specified value, preventing text from wrapping.
Instead cap the shift amount so that maxwidth does not exceed w_maxwidth
when wrapping is enabled, letting text wrap as expected.
fixes: #19767
closes: #19809
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
Hirohito Higashi [Wed, 25 Mar 2026 19:38:51 +0000 (19:38 +0000)]
patch 9.2.0245: xxd: color output detection is broken
Problem: xxd: color output detection is broken
(Juergen Weigert)
Solution: Fix the issues (Hirohito Higashi)
- Disable auto color when output goes to a file (two-argument form)
- Check TERM variable: disable color when unset, empty or "dumb"
- Add color_forced flag to preserve -R always behavior
- Add tests for the new behavior
fixes: #19790
closes: #19813
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Hirohito Higashi <h.east.727@gmail.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
projects / thirdparty / vim.git / log
