Problem: Wrong display when typing in diff mode with 'smoothscroll'.
Solution: Use adjust_plines_for_skipcol() (zeertzjq).
closes: vim/vim#1577647f8584a80
(cherry picked from commit 0e484c2041)
Problem:
Linematch used to use strchr to navigate a string, however strchr does
not supoprt embedded NULs.
Solution:
Use `mmfile_t` instead of `char *` in linematch and introduce `strnchr()`.
Also remove heap allocations from `matching_char_iwhite()`
Fixes: #30505
(cherry picked from commit c65646c247)
fix(vim.fs): dirname() returns "." on mingw/msys2 #30480
Problem:
`vim.fs.dirname([[C:\User\XXX\AppData\Local]])` returns "." on
mingw/msys2.
Solution:
- Check for "mingw" when deciding `iswin`.
- Use `has("win32")` where possible, it works in "fast" contexts since
b02eeb6a72.
Problem: When input immediately follows end of bracketed paste, the
nvim_input may be processed before the nvim_paste.
Solution: Ensure some waiting after the end of a bracketed paste.
(cherry picked from commit 5acdc4499e)
Problem: Crash with cursor-screenline and narrow window
(elig0n)
Solution: Don't set right_col when width2 is 0 (zeertzjq).
fixes: vim/vim#15677closes: vim/vim#1567859149f0269
(cherry picked from commit 5191a11d66)
Problem: Wrong cursor-screenline when resizing window
Solution: Invalidate saved left_col and right_col when width1 or width2
change.
closes: vim/vim#1567986dc4f8b43
(cherry picked from commit 90585e47fe)
Problem: heap-use-after-free in garbage collection with location list
user data.
Solution: Mark user data as in use when no other window is referencing
the location list (zeertzjq)
fixes: neovim/neovim#30371closes: vim/vim#15683be4bd189d2
Problem:
str_byteindex_enc could return an error if the index was longer than the
lline length. This was handled in each of the calls to it individually
Solution:
* Fix the call at the source level so that if the index is higher than
the line length, line length is returned as per LSP specification
* Remove pcalls on str_byteindex_enc calls. No longer needed now that
str_byteindex_enc has a bounds check.
Problem: Marktree meta count still includes invalidated marks, making
guards that check the meta total ineffective.
Solution: Revise marktree metadata when in/revalidating a mark.
Problem:
crash when calling nvim_buf_get_text() with a large negative start_col:
call nvim_buf_get_text(0, 0, -123456789, 0, 0, {})
Solution:
clamp start_col after subtracting it from the line length.
(cherry picked from commit d1d7d54680)
Problem: The matchparen plugin is slow on a long line.
Solution: Don't use a regexp to get char at and before cursor.
(zeertzjq)
Example:
```vim
call setline(1, repeat(' foobar', 100000))
runtime plugin/matchparen.vim
normal! $hhhhhhhh
```
closes: vim/vim#1556881e7513c86
(cherry picked from commit cf44121f7f)
fix(terminal): interrupt/got_int hangs terminal (#30056)
Upon `terminal_enter`, `mapped_ctrl_c` is set in order to avoid `CTRL-C`
interrupts (which is proxied to the terminal process instead), `os_inchar`
will then test `mapped_ctrl_c` against `State` and set `ctrl_c_interrupts=false`
which prevents `process_ctrl_c` from setting `got_int=true` in a terminal
state.
However, if `got_int` is set outside of `process_ctrl_c`, e.g. via
`interrupt()`, this will hang the neovim process as `terminal_execute` will
enter an endless loop as `got_int` will never be cleared causing `safe_vgetc`
to always return `Ctrl_C`.
A minimal example reproducing this bug:
```vim
:autocmd TermEnter * call timer_start(500, {-> interrupt()})
:terminal
:startinsert
```
To fix, we make sure `got_int` is cleared inside `terminal_execute` when
it detects `Ctrl_C`.
Closes#20726
Co-authored-by: zeertzjq <zeertzjq@outlook.com>
Co-authored-by: ibhagwan <59988195+ibhagwan@users.noreply.github.com>
Problem: Some other options reset curswant unnecessarily when set.
(Andrew Haust)
Solution: Don't reset curswant when setting 'comments', 'commentstring'
or 'define' (zeertzjq)
fixes: vim/vim#15462closes: vim/vim#15467b026a293b1
(cherry picked from commit 0ec43cb4b5)
`buf.code_action` always included diagnostics on a given line from all
clients. Servers should only receive diagnostics they published, and in
the exact same format they sent it.
Should fix https://github.com/neovim/neovim/issues/29500
(cherry picked from commit 720b309c78)
Problem: [security] use-after-free in tagstack_clear_entry
(Suyue Guo )
Solution: Instead of manually calling vim_free() on each of the tagstack
entries, let's use tagstack_clear_entry(), which will
also free the stack, but using the VIM_CLEAR macro,
which prevents a use-after-free by setting those pointers
to NULL
This addresses CVE-2024-41957
Github advisory:
https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr48a0bbe7b8a
Co-authored-by: Christian Brabandt <cb@256bit.org>
(cherry picked from commit 6af359ef4c)
Problem: [security]: use-after-free in check_argument_type
Solution: Reset function type pointer when freeing the function type
list
function pointer fp->uf_func_type may point to the same memory, that was
allocated for fp->uf_type_list. However, when cleaning up a function
definition (e.g. because it was invalid), fp->uf_type_list will be
freed, but fp->uf_func_type may still point to the same (now) invalid
memory address.
So when freeing the fp->uf_type_list, check if fp->func_type points to
any of those types and if it does, reset the fp->uf_func_type pointer to
the t_func_any (default) type pointer
closes: vim/vim#136520f28791b21
Co-authored-by: Christian Brabandt <cb@256bit.org>
(cherry picked from commit a4bec30b7b)
Problem: [security]: use-after-free in exec_instructions()
Solution: get tv pointer again
[security]: use-after-free in exec_instructions()
exec_instructions may access freed memory, if the GA_GROWS_FAILS()
re-allocates memory. When this happens, the typval tv may still point to
now already freed memory. So let's get that pointer again and compare it
with tv. If those two pointers differ, tv is now invalid and we have to
refresh the tv pointer.
closes: vim/vim#136215dd41d4b63
Co-authored-by: Christian Brabandt <cb@256bit.org>
(cherry picked from commit 9f2d793068)
Problem: E1510 may happen when formatting a message
(after 9.1.0181).
Solution: Only give E1510 when using typval. (zeertzjq)
closes: vim/vim#153910dff31576a
(cherry picked from commit d131c48c82)
Problem: Unable to move cursor to recently opened window.
Solution: Make sure uninitialized window is drawn before trying to move
the cursor to it.
(cherry picked from commit 89f9f168a5)
Problem: Marks whose position did not change with the action that
invalidated them (right_gravity = false) are not revalidated
upon undo.
Solution: Remove early return when restoring a marks saved position so
that it is still revalidated. Add "move" guards instead.
(cherry picked from commit 012db2b0f5)
Problem: Wrong cursor position with 'breakindent' when a double-width
character doesn't fit in a screen line (mikoto2000)
Solution: Include the width of the 'breakindent' properly.
(zeertzjq)
fixes: vim/vim#15289closes: vim/vim#15290b5d6b5caac
(cherry picked from commit 35b35cb93c)
Problem: :TOhtml doesn't properly handle virtual text when it has
multiple highlight groups. It also improperly calculates position offset
for multi-byte virt_text characters.
Solution: Apply the `vim.api.nvim_strwidth` broadly to properly
calculate character offset, and handle the cases where the `hl` argument
can be a table of multiple hl groups.
Problem: Modifying a sign no longer updates already placed signs.
Solution: Loop over (newly-exposed) placed decorations when modifying a
sign definition. Update placed decor if it belongs to the sign
that is modified.
(cherry picked from commit f9a49fab0c)
Problem:
When there are multiple inlay hints present at the same position, they
should be rendered in the order they are received in the response from
LSP as per the LSP spec. Currently, this is not respected.
Solution:
Gather all hints for a given position, and then set it in a single
extmark call instead of multiple set_extmark calls. This leads to fewer
extmark calls and correct inlay hints being rendered.
