Problem:
Creating an autocommand which executes `:bwipe` on the Syntax event
causes a heap-use-after-free.
Solution: set BF_SYN_SET flag before applying autocommands
Problem:
When text is too long, it overflows into the border. This happens because
grid_line_maxcol includes border columns, so grid_line_puts can write
there.
Solution:
Truncate string to available width when need_fcs_trunc is set.
When width1 and width2 are negative the assertion may fail. It seems
that adding a negative value to w_curswant won't cause any problems, so
just change the assertion.
Problem: nvim_parse_expression null pointer dereference with unmatched ]
followed by a node.
Solution: if ast_stack was empty, set new_top_node_p to top of the stack after
pushing the list literal node; similar to what's done for curlies.
This bug was originally found by a Matrix user, but I couldn't remember how to
trigger it... Ran into the other crash while finding a repro. :P
Problem: nvim_parse_expression null pointer dereference when parsing an
identifier followed by { with "highlight" parameter set to false.
Solution: only set opening_hl_idx if pstate->colors is not NULL.
Not added to parser_tests.lua as that uses highlight = true.
Problem: Crash with combination of terminal popup and autocmd.
Solution: Disallow closing a popup that is the current window. Add a check
that the current buffer is valid. (closesvim/vim#5754)
cee52204ca
Cherry-pick related changes from patch 9.0.1454.
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: Last buffer not freed with EXITFREE (after 9.1.2087).
Solution: Free the last buffer when inside free_all_mem()
(zeertzjq).
This isn't really a memory leak, as the last buffer's memory is still
reachable via pointers like firstbuf and lastbuf. But it's possible that
this may cause false ASAN warnings in the future, which is what EXITFREE
is supposed to prevent.
closes: vim/vim#191946c118afeaa
Problem: Crash when using :tabonly in BufUnload.
Solution: Set curbuf when setting curwin->w_buffer. Don't wipe out a
buffer if there are no other buffers. Don't decrement
b_nwindows if it was 0 before buf_freeall() (zeertzjq).
fixes: vim/vim#19088#issuecomment-3710172769
closes: vim/vim#19186fa64f92f6a
Problem: Error message for layout change does not match action.
Solution: Pass the command to where the error is given. (closesvim/vim#11573)
9fda81515b
Thinking about this again, it's actually OK to check split_disallowed in
window_layout_locked(), so add the check.
Also add missing window_layout_locked() in tabpage_close().
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: Redundant NULL checks in find_pattern_in_path().
Solution: Remove the NULL checks. Also fix typos in test_diffmode.vim
(zeertzjq).
After assigning to inc_opt on line 2976, it's dereferenced immediately,
and not assigned another value afterwards, so checking for NULL after
line 2977 is redundant.
closes: vim/vim#19185ce394b13e9
Problem: crash with WinNewPre autocommand, because window
structures are not yet safe to use
Solution: Don't trigger WinNewPre on :tabnew
fb3f969936
Cherry-pick doc updates from latest Vim runtime.
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: win_splitmove fires WinNewPre and possibly WinNew when moving
windows, even though no new windows are created.
Solution: don't fire WinNew and WinNewPre when inserting an existing
window, even if it isn't the current window. Improve the
accuracy of related documentation. (Sean Dewar)
related: vim/vim#1403896cc4aef3d
Most of the patch was already ported. This includes the remaining part.
Co-authored-by: Sean Dewar <6256228+seandewar@users.noreply.github.com>
Problem: No event is triggered before creating a window.
(Sergey Vlasov)
Solution: Add the WinNewPre event (Sergey Vlasov)
fixes: vim/vim#10635closes: vim/vim#127611f47db75fd
Not sure if this should be triggered before creating a floating window,
as its use case is related to window layout.
Co-authored-by: Sergey Vlasov <sergey@vlasov.me>
Problem: The typebuf_was_filled flag is sometimes not reset, which may
cause a hang.
Solution: Make sure typebuf_was_filled is reset when the typeahead buffer is
empty.
e49b4bb895
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: memory leak when not evaluating (just parsing) invalid literal
dict.
Solution: Always clear the key's typval (Sean Dewar)
Though "check_typval_is_value(&tv) == FAIL && !evaluate" is maybe never
true, also always clear tvs if check_typval_is_value fails; at worst
this would be a no-op as their initial types are VAR_UNKNOWN.
closes: vim/vim#19178b10a3e1a20
check_typval_is_value change is for Vim9 script. (from 9.0.2163)
N/A patch:
vim-patch:9.0.2163: Vim9: type can be assigned to list/dict
Co-authored-by: Sean Dewar <6256228+seandewar@users.noreply.github.com>
Problem: nvim_get_option_value with "filetype" set can crash if autocommands
open the dummy buffer in more windows, or if &bufhidden == "wipe".
Solution: Attempt to close all dummy buffer windows before wiping. Promote the
dummy buffer to a normal buffer if that fails.
Removed code doesn't seem to do anything? Looks like a clobbered remnant from
when do_filetype_autocmd lived in did_set_string_option.
Doc comment for wipe_buffer doesn't decrement top_file_num since a2d25b7 (2016),
which presumably means the comment on marks doesn't apply either. (fmark_T::fnum
can't refer to the wrong buffer as numbers aren't reused here anymore)
Problem: When the "filetype" key is set for nvim_get_option_value, autocommands
can crash Nvim by prematurely wiping the dummy buffer, or cause options intended
for it to instead be set for unrelated buffers if switched during OptionSet.
Solution: Don't crash. Also quash side-effects from setting the buffer options.
Problem: crash with NFA regex engine when searching for composing chars
(SuyueGuo)
Solution: When there is no composing character, break out of the loop
and check that out1 state is not null
fixes: vim/vim#15583c3a02d78bd
Test uses DBCS 'encoding', which is N/A.
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: possible crash with 2byte encoding and glob2regpat()
Solution: Skip over character, if it is multi-byte character
1c815b54bb
Co-authored-by: Christian Brabandt <cb@256bit.org>
Using uv_pipe_t to read from PTY master may drop data if the PTY process
exits immediately after output, as libuv treats a partial read after
POLLHUP as EOF, which isn't true for PTY master on Linux. Therefore use
uv_poll_t instead.
This commit can be reverted if libuv/libuv#4992 is fixed for uv_pipe_t.
Problem: Use-after-free in winframe_remove() (henices)
Solution: Set window_layout_locked() inside winframe_remove()
and check that writing diff files is disallowed when the
window layout is locked.
It can happen with a custom diff expression when removing a window:
1. Buffer was removed, so win_frame_remove() is called to remove the
window.
2. win_frame_remove() → frame_new_height() → scroll_to_fraction()
→ diff_check_fill() (checks for filler lines)
3. diff_check_fill() ends up causing a diff_try_update, and because we
are not using internal diff, it has to first write the file to a
buffer using buf_write()
4. buf_write() is called for a buffer that is not contained within a
window, so it first calls aucmd_prepbuf() to create a new temporary
window before writing the buffer and then later calls
aucmd_restbuf(), which restores the previous window layout, calling
winframe_remove() again, which will free the window/frame structure,
eventually freeing stuff that will still be accessed at step 2.
closes: vim/vim#19064ead1dda74a
Nvim doesn't have this bug as Nvim uses a floating window as autocommand
window, and removing it doesn't need winframe_remove().
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: A BufAdd autocommand may cause alist_add() to use freed
memory, this is caused by the w_locked variable unset too
early (henices)
Solution: in trigger_undo_ftplugin() only set w_locked to false, if it
was false when calling the function.
related: v9.1.0678
closes: vim/vim#190239266a2a197
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: b:undo_ftplugin not executed when re-using buffer
(archy3)
Solution: explicitly execute b:undo_ftplugin in buflist_new() when
re-using the current buffer
fixes: vim/vim#17113closes: vim/vim#17133baa8c90cc0
Cherry-pick test_filetype.vim changes from patch 9.1.1325.
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: Restoring window after WinScrolled may fail.
Solution: Lock the window layout when triggering WinScrolled.
d63a85592c
Only check close_disallowed in window_layout_locked() for now.
Also don't check window_layout_locked() when closing a floating window,
as it's not checked when creating a floating window.
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem:
build.zig always downloads dependencies and statically links them,
which is frowned upon by distro packagers.
Solution:
Add option to use system libraries.
On linux /dev/stdin is defined as a symlink to /proc/self/fd/0
This in turn is defined as a "magic" symlink which is allowed to point
to internal kernel objects which really does not have a file
name. As a glaring inconsistency, fopen("/proc/self/fd/0", "r")
works if fd was originally opened using pipe() but not using
socketpair(). As it happens UV_CREATE_PIPE does not create pipes
but creates socket pairs. These two unfortunate conditions
means that using /dev/stdin and similar does not work in
shell commands in nvim on linux. as a work around, override
libuv's descicion and create an actual pipe pair.
This change is not needed on BSD:s but done unconditionally for simplicity,
except for on windows where it is not done for stdout because of windows
fixes#35984
This fixes a regression from cf6f60ce4d
(possibly), as before that commit a frame is popped from the call stack
immediately after its response is received.
Also fix leaking the allocated error messages.
Problem: info/preview floating windows are created
without wrap enabled, causing info text to be
truncated.
Solution: enable 'wrap' and set 'scrolloff' to 0 by
default, like vim's popup_create does.
Problem:
Using nvim_set_current_win() to switch windows while in Visual mode
causes E315 ml_get error when target buffer has fewer lines. This
doesn't happen with `:wincmd w` since it properly resets Visual mode
when switching buffers.
Solution:
Reset Visual mode when switching to another buffer, like `:wincmd w`.
Problem: when shortmess doesn't have 'S', backward search wrap doesn't
show the "W" before count. forward search works fine but
backward fails because the position check logic is backwards -
it checks if cursor < pos instead of using the existing
wrapped flag.
Solution: Use sia->sa_wrapped flag that searchit() already sets
correctly (glepnir).
fixes: vim/vim#5280closes: vim/vim#19138ccb7b43365
Co-authored-by: glepnir <glephunter@gmail.com>
Problem: Setting pumborder=shadow doesn't blend proerly.
Solution: Check fconfig.shadow when setting pum_grid.blending, like what
is done in check_blending().
