2207 Commits

Author SHA1 Message Date
Justin M. Keyes
a0fd59352a Merge #40520 nvim_win_resize 2026-07-05 12:06:13 -04:00
XiaowenHu96
e18d2838b5 fix(test): skip flaky Test_set_cursor
Problem:
Test_set_cursor is flaky in CI. MsgPack::Raw Perl module
has a heap-overflow issue.
See https://github.com/jacquesg/p5-MsgPack-Raw/issues/4

Solution:
Skip the test until the upstream module is fixed.
2026-07-05 21:47:37 +08:00
Manoj Panda
9456cec7f9 vim-patch:9.2.0769 conversion to utf-16be using iconv is inconsistent #40567
fix(iconv): conversion to utf-16be using iconv is inconsistent

vim-patch:9.2.0769

Problem:  enc_canonize function changes utf-16be to utf-16 but in linux
          type utf-16 defaults to utf-16le.

Solution: Creating a separate entry for utf-16be in enc_canon_table.
          Note: the effect is only visible on iconv implementations that
          treat "utf-16" and "utf-16be" differently, so the test does
          not necessarily fail on an unpatched Vim. But the bug is
          visible in vim.iconv. (Manoj Panda)

from: vim/vim@2a63f74
closes: neovim#40262

Signed-off-by: Manoj Panda <manojpandawork@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2026-07-04 11:50:38 +00:00
zeertzjq
60e46704bd vim-patch:9.2.0782: tests: missing cleanup in test_mksession.vim
Problem:  Some test_mksession tests do not cleanup all the state
Solution: Add commands to clean up state introduced by the test
          (Illia Bobyr)

Before this change the following 4 tests were failing when executed
individually:

  Test_mksession_arglocal_localdir
  Test_mksession_buffer_count
  Test_mksession_one_buffer_two_windows
  Test_mksession_winminheight

As in
```
  TEST_FILTER=winminheight make test_mksession
```
Yet, when ran as part of the whole test suite they succeeded.

This was due to some state leaking from one test into another.

I think this is bad, as it can confuse someone making changes in the
relevant area.

`Test_mksession_winminheight` is actually still broken a bit, and
requires `winheight` and `winwidth` set at the beginning of the test,
rather than later, when it actually matters.  This exposes a subtle bug
in the session restore script.  I have a patch in a separate commit.

closes: vim/vim#20691

834b8d218f

Co-authored-by: Illia Bobyr <illia.bobyr@gmail.com>
2026-07-04 08:47:05 +08:00
zeertzjq
d7b7922dcb vim-patch:partial:9.2.0579: :mksession, :mkview and :mkvimrc emit legacy Vim script
d69cf0dbcf

New tests only.

Co-authored-by: Miguel Barro <miguel.barro@live.com>
Co-authored-by: Christian Brabandt <cb@256bit.org>
2026-07-04 08:45:47 +08:00
zeertzjq
b5fd22e771 vim-patch:9.2.0781: tests: Test_fuzzy_completion_bufname_fullpath() creates unnecessary dir (#40565)
Problem:  tests: Test_fuzzy_completion_bufname_fullpath() creates an
          unnecessary directory with the name of a file.
Solution: Only create the parent directory of the file (zeertzjq).

closes: vim/vim#20695

98efa50279
2026-07-03 23:17:49 +00:00
zeertzjq
87c2319986 vim-patch:9.2.0763: tests: style issue in test_plugin_netrw (#40543)
Problem:  tests: style issue in test_plugin_netrw (after v9.2.0761)
Solution: Clean-up newly created directory, use consistent concat
          operator

1ebd2fdb78

Co-authored-by: Christian Brabandt <cb@256bit.org>
2026-07-03 08:18:01 +08:00
zeertzjq
3210315559 vim-patch:9.2.0426: tests: still some flaky screendump tests
Problem:  tests: still some flaky screendump tests
          (James McCoy)
Solution: Replace flaky VerifyScreenDump checks with assert_* assertions
          for Test_visual_block_scroll and Test_scrolloffpad_with_folds,
          and remove the now-unused dump files, mark those tests as
          flaky (which happened previously for screendump tests
          automatically) (Yasuhiro Matsumoto).

fixes:   vim/vim#20096
related: vim/vim#20095

cf5d7102b9

Co-authored-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
2026-07-02 21:07:19 +08:00
zeertzjq
562b3fcb05 vim-patch:9.2.0401: tests: still a few flaky tests
Problem:  tests: still a few flaky tests
Solution: Add WaitForAssert to test_messages.vim, use a smaller terminal
          window for test_tabpanel, add TermWait() in test_messages
          to handle DECQRM messages.

closes: vim/vim#20074

0bc64b19a2

Co-authored-by: Christian Brabandt <cb@256bit.org>
2026-07-02 21:07:03 +08:00
zeertzjq
b4901ae0b6 vim-patch:9.2.0392: tests: Some tests are flaky
Problem:  tests: Some tests are flaky and cause CI to fail
Solution: Add WaitForAsserts() calls to reduce flakiness

closes: vim/vim#20050

1940bcb243

Co-authored-by: Christian Brabandt <cb@256bit.org>
2026-07-02 21:06:47 +08:00
zeertzjq
6003545f38 vim-patch:9.2.0761: runtime(netrw): Unix: unable to open '\' file (#40533)
Problem:  runtime(netrw): Unix: unable to open '\' file
Solution: Adjust directory pattern (Manoj Panda)

closes: vim/vim#20685

86d8af37ba

Co-authored-by: Manoj Panda <manojpandawork@gmail.com>
2026-07-01 23:45:14 +00:00
zeertzjq
a243486a46 vim-patch:9.2.0759: Some code for 'autocompletedelay' is no longer needed
Problem:  Some code for 'autocompletedelay' is no longer needed now that
          'autocompletedelay' doesn't block redraw (after 9.2.0739).
Solution: Remove unnecessary code. Also remove a duplicate screendump
          and an outdated comment in test (zeertzjq)

closes: vim/vim#20686

0b86b97cc9
2026-07-02 03:57:56 +08:00
zeertzjq
cef0dcd54e vim-patch:9.2.0755: 'autocomplete' behaves inconsistently when recording
Problem:  If 'autocompletedelay' is non-zero, 'autocomplete' doesn't
          work when recording a register (after 9.2.0750).
Solution: Still produce K_COMPLETE_DELAY when recording a register, and
          drop it in gotchars_add_byte() instead (zeertzjq).

This patch only changes the behavior when recording a register.
Replaying a register with 'autocomplete' still doesn't fully work
regardless of 'autocompletedelay', as 'autocomplete' isn't triggered
when there is pending input.

closes: vim/vim#20675

a658728918
2026-07-02 03:57:56 +08:00
zeertzjq
826ca0ccfe vim-patch:9.2.0750: completion: 'autocompletedelay' deferral leaks state
Problem:  After 'autocompletedelay' was made non-blocking, the deferred
          popup can misbehave: a pending autocomplete survives leaving
          Insert mode and then keeps waking the editor in Normal mode,
          the deferral is recorded into registers while recording a
          macro, the popup appears an extra 'updatetime' late when
          'autocompletedelay' is larger and a CursorHoldI autocommand
          exists, CursorHoldI can fire twice without an intervening
          keypress, and an open balloon is dismissed (after v9.2.0739)
Solution: Treat the deferral like CursorHold: only keep it pending in
          Insert mode and not while recording, with pending typeahead,
          or when completion is already active; drop it when Insert mode
          ends; measure the delay from when the user typed so a
          CursorHold in between does not push the popup back; and do not
          let the deferral re-enable CursorHoldI or dismiss the balloon.
          (Hirohito Higashi).

closes: vim/vim#20669

1f0f14bc2f

Co-authored-by: Hirohito Higashi <h.east.727@gmail.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-02 03:57:56 +08:00
zeertzjq
5f47d7ac08 vim-patch:9.2.0749: 'autocompletedelay' interferes with i_CTRL-K
Problem:  'autocompletedelay' interferes with i_CTRL-K (after 9.2.0739).
Solution: Clear the pending autocompltion from the previous key when a
          new key is typed.

closes: vim/vim#20666

0d292e2067
2026-07-02 03:57:56 +08:00
zeertzjq
f2af45127f vim-patch:9.2.0748: 'autocompletedelay' interferes with CTRL-G U
Problem:  'autocompletedelay' interferes with CTRL-G U (after 9.2.0739).
Solution: Restore the flag for CTRL-G U.

related: vim/vim#8937
related: vim/vim#20666

9fb5b5d876
2026-07-02 03:57:56 +08:00
zeertzjq
14f2a86cd6 vim-patch:9.2.0739: completion: 'autocompletedelay' blocks the main loop and drops autocommands
Problem:  With a non-zero 'autocompletedelay', Insert-mode autocommands
          (TextChangedI, TextChangedP, CursorMovedI) are delayed, and
          while typing faster than the delay they are dropped entirely,
          because the delay blocks the main loop.
Solution: Make 'autocompletedelay' non-blocking: instead of busy-waiting
          before showing the popup menu, defer it with an input-wait
          timeout (K_COMPLETE_DELAY) modeled on CursorHoldI, so typing
          stays responsive and the Insert-mode autocommands fire normally.

The delay timer coexists with 'updatetime': the main loop waits for the
sooner of the two and triggers the event whose deadline was reached, so
'autocompletedelay' no longer shadows CursorHold timing.  Changing the
completion leader, for example with Backspace, updates the visible popup
immediately like a zero delay; only the first popup is deferred.

Update the 'autocompletedelay' screendumps for the non-blocking display.
One test opened the menu with CTRL-N right after the delay expired and
could race with the deferred popup, so it now waits a little longer than
the delay before sending the key.

fixes:  vim/vim#20591
closes: vim/vim#20598

8ce43ea4e3

Also include some insexpand.c and ui.c changes from patch 9.2.0750.

Co-authored-by: Hirohito Higashi <h.east.727@gmail.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-02 03:57:56 +08:00
zeertzjq
c040f53dc1 vim-patch:9.2.0756: Session with multiple tabpages sets 'winminheight' to 0 (#40512)
Problem:  Session with multiple tabpages sets 'winminheight' to 0.
Solution: Only save 'winminheight' and 'winminwidth' once (zeertzjq).

related: vim/vim#8119
related: neovim/neovim#40493
closes: vim/vim#20673

294dec827d
2026-07-01 07:10:04 +08:00
zeertzjq
dbfa85b1fa test(old): unskip Test_mode_changes() #40490 2026-06-30 08:01:52 -04:00
Justin M. Keyes
5256685661 feat(cmdwin): drop CHECK_CMDWIN
Allow window navigation/creation even while cmdwin is alive! 😱
2026-06-29 22:38:29 +02:00
zeertzjq
058d87eae6 vim-patch:9.2.0745: Crash with truncated spellfile (#40471)
Problem:  Crash when reading truncated spellfile (MarkLee131)
Solution: Set sl_sofo to TRUE in set_sofo() once sl_sal has been
          converted to the soundfold layout.

Supported by AI.

closes: vim/vim#20660

488a3eed12

Co-authored-by: Christian Brabandt <cb@256bit.org>
2026-06-29 00:29:31 +00:00
zeertzjq
84cd87908e vim-patch:9.2.0742: filetype: SSH keys and related filetypes not recognized (#40469)
Problem:  filetype: SSH keys and related filetypes not recognized
Solution: Detect sshpublickey, sshknownhosts sshauthorizedkeys and
          sshallowedsigners filetypes, add syntax scripts for those
          filetypes (Fionn Fitzmaurice)

This adds syntax highlighting for SSH public keys, as well as related
filetypes derived from this (SSH authorized keys, SSH known hosts and
SSH allowed signers).

Also add filetype detection based on the path and name.

closes: vim/vim#20635

6e66ebc0fd

Co-authored-by: Fionn Fitzmaurice <git@fionn.computer>
2026-06-28 23:48:17 +00:00
glepnir
4d18693c49 vim-patch:9.2.0741: complete_check() does not return TRUE for mapped input (#40467)
Problem:  Mapped typed keys didn't interrupt completion in
          complete_check() (Yikai Zhao)
Solution: Also interrupt when in_compl_func and not replaying a register.
          (glepnir)

closes: vim/vim#5547
closes: vim/vim#20643

37d85f5f1a
2026-06-29 07:08:24 +08:00
zeertzjq
84308e4746 vim-patch:48474e6: runtime(netrw): Use consistent forward slashes
fixes:  vim/vim#20636
closes: vim/vim#20663

48474e6370

Co-authored-by: Christian Brabandt <cb@256bit.org>
2026-06-29 06:37:40 +08:00
zeertzjq
f3fbb3928c vim-patch:9.2.0738: ml_recover() may write beyond block buffer (#40446)
Problem:  A crafted swap file can cause an out-of-bounds write during
          recovery when the same block is referenced twice with
          different pe_page_count values (cipher-creator)
Solution: Check hp->bh_page_count against page_count after mf_get() and
          clamp page_count to the actual block size.

closes: vim/vim#20645

43939cf9eb

Co-authored-by: Christian Brabandt <cb@256bit.org>
2026-06-27 09:21:05 +00:00
zeertzjq
6a61c81e31 vim-patch:partial:9.2.0736: potential command execution in PHP omni-completion (#40445)
Problem:  With PHP omni-completion, a crafted file can potentially
          execute arbitrary commands when completing a class member.
Solution: Quote the class name before inserting it into the search()
          pattern run via win_execute().

43afc581a3

Tests only. The bug is not ported yet.

Co-authored-by: Hirohito Higashi <h.east.727@gmail.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 09:11:42 +00:00
zeertzjq
d844a276bb vim-patch:9.2.0735: [security]: arbitrary Ex command execution during C omni-completion (#40441)
Problem:  [security]: With C omni-completion, a crafted tags file can execute
          arbitrary Ex commands when completing a struct/union member
          (cipher-creator)
Solution: Escape the type field before inserting it into the :vimgrep
          pattern so it cannot close the pattern and start a new command
          (Hirohito Higashi).

Github Security Advisory:
https://github.com/vim/vim/security/advisories/GHSA-mf92-v4xw-j45x

6b611b0d15

Co-authored-by: Hirohito Higashi <h.east.727@gmail.com>
2026-06-27 01:07:56 +00:00
zeertzjq
4adf961148 vim-patch:9.2.0729: % skips parens on continued quoted lines (#40440)
Problem:  The "%" command and bracket/text-object motions can skip the
          matching paren or bracket on a line with quotes and a trailing
          backslash.
Solution: Use the quote state at the search start when an odd-quote line
          is continued with a backslash, instead of always treating the
          search as starting in quotes (Barrett Ruth).

closes: vim/vim#20631

c44a6561cc

Co-authored-by: Barrett Ruth <br@barrettruth.com>
2026-06-27 00:44:23 +00:00
zeertzjq
4abafefee5 vim-patch:9.2.0726: filetype detect missing from completion (#40439)
Problem:  ":filetype detect" is a valid command but not offered by
          command-line completion.
Solution: Add "detect" to the completion candidates (glepnir)

closes: vim/vim#20625

984f29860e

Co-authored-by: glepnir <glephunter@gmail.com>
2026-06-27 08:25:37 +08:00
zeertzjq
db55c537cb vim-patch:9.2.0728: filetype: supertux info pattern is relative to current dir
Problem:  filetype: supertux info pattern is relative to current
          directory (after 9.2.0716).
Solution: Add `*/` to the start of the pattern (zeertzjq)

closes: vim/vim#20629

c30ee2efa9
2026-06-27 07:04:55 +08:00
zeertzjq
26331797d2 vim-patch:9.2.0716: filetype: not all supertux files are recognized
Problem:  filetype: not all supertux files are recognized
Solution: Detect more supertux related files as scheme filetype
          (Wu Zhenyu)

levels:
*.stwm: supertux world map
https://github.com/SuperTux/supertux/wiki/Worldmap-Format
*.stl: supertux level
https://github.com/SuperTux/supertux/wiki/Level-Format
*.stxt: supertux scrolling texts
https://github.com/SuperTux/supertux/wiki/File_formats#scrolling-texts

images:
*.sprite: supertux sprite
https://github.com/SuperTux/supertux/wiki/Sprite
*.strf: supertux tileset
https://github.com/SuperTux/supertux/wiki/Tileset
*.satc: supertux autotiles configuration
*.stcd: supertux converter data

font:
*.stf: supetux font

particles:
*.stcp: supertux custom particle

music:
*.music: supertux music

config:
~/.local/share/supertux2/config: supertux config
https://github.com/SuperTux/supertux/wiki/S-Expression#supertux-config-file
*.stsg: supertux save game

info:
info: https://github.com/SuperTux/supertux/wiki/File_formats#level-subsets

related: vim/vim#16287
closes:  vim/vim#20615

758543dcb7

Co-authored-by: Wu, Zhenyu <wuzhenyu@ustc.edu>
2026-06-27 07:04:54 +08:00
Justin M. Keyes
b2bf7bcfb1 feat(cmdwin): implement cmdwin as a normal buf+win
Problem:

cmdwin (the `:q` cmdline buffer) has various limitations which require
special-casing all over the codebase.

Besides complicating the code, it also breaks async plugins if they try
to create buffers/windows after some work is done, if the user happens
to open cmdwin at the wrong the moment:

    Lua callback: …/guh.nvim/lua/guh/util.lua:531:
    E11: Invalid in command-line window; <CR> executes, CTRL-C quits
    stack traceback:
        [C]: in function 'nvim_buf_delete'
        …/guh.nvim/lua/guh/util.lua:531: in function <…/guh.nvim/lua/guh/util.lua:526>

Solution:

Just say no to "inception". Reimplement cmdwin as a normal buffer+window.

All of the cmdwin contortions (in both core, and innocent plugins) exist
literally only to support "inception": recursive
cmdwin-in-cmdline-things, like `<c-r>=`, `/`, search-during-substitute,
`:input()`, etc. So we just won't support that (though I have
a potential plan for that later, which I call "modal parking lot").

The benefit is that plugins, and core, no longer have to care about
cmdwin.

BONUS:
- mouse-drag on vertical separators works (it only worked for
  horizontal/statusline before)
- inccommand-in-cmdwin now works correctly, for free (thus don't need
  #40077).

POTENTIAL FOLLOWUPS
- Drop `CHECK_CMDWIN` ("E11: Invalid in command-line window"), allow chaos.
- Unify `BUFLOCK_OK` / `LOCK_OK` ?

DESIGN:
- Eliminate lots of C globals, `EX_CMDWIN`, etc.
- `text_locked()` no longer reports true for cmdwin.
- cmdwin = a normal window with 'winfixbuf', 'bufhidden=wipe',
  'buftype=nofile'. Invariants come from those options rather than
  special cases throughout the codebase.
- `nv_record` for q:/q//q? calls Lua
  `nlua_call_vimfn("vim._core.cmdwin", …)`. No `K_CMDWIN`
  / cmdline-reader detour.
- `cedit_key` (`c_CTRL-F`) schedules a deferred event that calls
  `vim._core.cmdwin.open(type, content, pos)` and returns `Ctrl_C` so
  the in-flight cmdline cancels. Reader state is not serialized; instead
  the captured `(type, line, col)` is replayed via
  `nvim_feedkeys(type..line.."<CR>", "nt", …)` after user confirms.
- On confirm/cancel: `<CR>` / `<C-C>` calls into Lua which closes the
  window and re-feeds the cmdline.

BREAKING CHANGES:
- Expression-register cmdline (`<C-R>=` from insert-mode) no longer
  supports cmdwin. Same applies to `input()` / `inputlist()` (already
  covered by `text_locked`).
- Usage of cmdwin in macros/mappings will probably break (assuming they
  ever worked).
2026-06-25 18:36:24 +02:00
zeertzjq
e715122e4e vim-patch:9.2.0725: [security]: Stack out-of-bounds write in spell_soundfold_sal() (#40402)
Problem:  [security]: A crafted spell file with non-collapsing SAL rules
          can make soundfold() write one byte past the end of the
          MAXWLEN result buffer.  This is the same class of
          out-of-bounds write as GHSA-q8mh-6qm3-25g4 (fixed in 9.2.0698
          for the SOFO branch), found while auditing the surrounding
          code.
Solution: Bound the single-byte SAL result writes and the terminating
          NUL to MAXWLEN - 1, matching the SOFO branch.

The single-byte branch of spell_soundfold_sal() guarded its writes with
"reslen < MAXWLEN", allowing reslen to reach MAXWLEN (254).  The trailing
"res[reslen] = NUL" then wrote at index 254 of the 254-byte stack buffer
res[MAXWLEN], an off-by-one out-of-bounds write.  Input is case-folded to
about 253 characters, so a 253-character argument together with a SAL map
that does not collapse (collapse_result false) reaches the boundary.

Related to previous issue
[GHSA-q8mh-6qm3-25g4](https://github.com/vim/vim/security/advisories/GHSA-q8mh-6qm3-25g4)
(9.2.0698)

Github Security Advisory:
https://github.com/vim/vim/security/advisories/GHSA-m3hf-xcm3-xhm2

d22ff1c955

This is N/A as Nvim doesn't have spell_soundfold_sal() which is only
used in the !has_mbyte code path.

Co-authored-by: Hirohito Higashi <h.east.727@gmail.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-25 00:17:38 +00:00
zeertzjq
12ded1f36c vim-patch:9.2.0717: tests: strange indent in Test_autocmd_dup_arg() (#40400)
Problem:  tests: strange indent in Test_autocmd_dup_arg()
          (after v9.2.0708)
Solution: Indent using the settings in the modeline.

closes: vim/vim#20619

05df981c35
2026-06-24 23:40:09 +00:00
Dmytro Meleshko
764e257ae5 vim-patch:9.2.0718: :syn sync without an argument also lists syntax cluster (#40399)
Problem:  :syn sync without an argument also lists every defined cluster
Solution: Fix control flow in syn_cmd_list() so that only the syncing
          items are printed when this function gets called by :syn sync.
          (dmitmel)

closes: vim/vim#20614

f2954c821e
2026-06-25 07:36:56 +08:00
zeertzjq
19f64a2680 vim-patch:9.2.0708: Leaks in do_autocmd in error case (#40386)
Problem:  Leak in do_autocmd in error case (Cheng)
Solution: goto err_exit in the error case and clean up, make the double
          ++once an actual error

closes: vim/vim#20606

98f5171ef6

Co-authored-by: Christian Brabandt <cb@256bit.org>
2026-06-24 08:23:32 +08:00
zeertzjq
eb0bd381e5 vim-patch:9.2.0707: completion: popup misplaced when text before it is concealed (#40374)
Problem:  When the cursor line has concealed text before the start of the
          completion, the insert-mode completion popup is drawn at the wrong
          screen column and the cursor no longer lines up with the completed
          text.
Solution: Record the concealed width before the cursor on its screen line in
          a new `win_T` field while `win_line()` draws it, subtract it in
          `pum_display()` to place the menu over the visible text, and redraw
          the cursor line so `win_line()` corrects the cursor too.

closes: vim/vim#20539

d167c50de4

Co-authored-by: Barrett Ruth <br@barrettruth.com>
2026-06-23 08:51:03 +00:00
Shiva Priyan
e750f7c357 vim-patch:9.2.0702: :windo and :tabdo create an extra window with 'winfixbuf' (#40358)
Problem:  With 'winfixbuf' set in the current window, :windo and :tabdo
          create an extra split window, even though they only visit
          existing windows/tabpages and don't change the current
          window's buffer (Collin Kennedy)
Solution: Skip the 'winfixbuf' escape in ex_listdo() for :windo and
          :tabdo (ShivaPriyanShanmuga)

fixes:  vim/vim#14301
closes: vim/vim#20600

5767d80b37
2026-06-23 01:13:18 +00:00
zeertzjq
8832c381e1 vim-patch:9.2.0705: :delete # silently fails to update "# and clobbers "0 (#40371)
Problem:  ':delete #' silently fails to update "# and clobbers "0.
Solution: Treat "# like "/, writable only with :let and setreg().

closes: vim/vim#20592

7aeab74687

Co-authored-by: Doug Kearns <dougkearns@gmail.com>
2026-06-23 00:52:39 +00:00
zeertzjq
259f1173e4 vim-patch:9.2.0698: [security]: Out-of-bounds write with soundfold() (#40362)
Problem:  [security]: Out-of-bounds write with soundfold()
          (cipher-creator)
Solution: Add an abort condition to the for loop to validate the buffer
          size.

Github Security Advisory:
https://github.com/vim/vim/security/advisories/GHSA-q8mh-6qm3-25g4

Supported by AI

497f931f85

This is N/A as it only changes the !has_mbyte code path.

Co-authored-by: Christian Brabandt <cb@256bit.org>
2026-06-22 02:34:22 +00:00
zeertzjq
257701b17b vim-patch:9.2.0689: the "%" command is slow on a long line with many slashes (#40361)
Problem:  The "%" command can be very slow on a long line that contains
          many slashes, for example a line of base64 data.
Solution: When looking for a line comment, scan the line only once while
          skipping over strings, instead of rescanning from the start for
          every slash.  Move check_linecomment() to cindent.c so it can
          reuse the file-local skip_string().

related: vim/vim#20491
fixes:   vim/vim#20557
closes:  vim/vim#20575

9f9af034ad

Co-authored-by: Hirohito Higashi <h.east.727@gmail.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 02:28:15 +00:00
zeertzjq
7d0adc08f7 vim-patch:9.2.0699: [security]: possible code execution with python complete (#40363)
Problem:  [security]: possible code execution with python complete
          (morningbread)
Solution: Use repr() to quote the doc strings correctly

Github Security Advisory:
https://github.com/vim/vim/security/advisories/GHSA-ppj8-wqjf-6fp3

Supported by AI

cce141c427

Co-authored-by: Christian Brabandt <cb@256bit.org>
2026-06-22 02:26:37 +00:00
zeertzjq
9c900c1255 vim-patch:9.2.0684: :reg # does not display the value of the '#' register (#40352)
Problem:  ':registers #' does not display the value of the '#' register.
Solution: Filter the '#' :registers output on a '#' arg instead of '%'
          (Doug Kearns).

closes: vim/vim#20589

0cafe56b74

Co-authored-by: Doug Kearns <dougkearns@gmail.com>
2026-06-21 22:18:08 +08:00
zeertzjq
dc0b54276d vim-patch:9.2.0683: filetype completion mishandles finished sub options (#40351)
Problem:  ":filetype plugin<Tab>" gives "pluginindent" because a
          sub option before the cursor is treated as already given.
Solution: only skip plugin and indent when followed by white space.
          (glepnir)

closes: vim/vim#20594

fe65f23aca

Co-authored-by: glepnir <glephunter@gmail.com>
2026-06-21 14:16:03 +00:00
zeertzjq
9607e53cea vim-patch:9.2.0682: Wrong dot-repeat when calling complete() while filtering completion (#40350)
Problem:  Wrong dot-repeat when calling complete() while filtering
          Ctrl-N completion.
Solution: Also check compl_started for whether completion is active.
          (zeertzjq)

related: neovim/neovim#40346
closes:  vim/vim#20595

37a7e4944f
2026-06-21 14:09:43 +00:00
Jan Edmund Lazo
d40c07511a vim-patch:9.0.1328: error when using "none" for GUI color is confusing (#40347)
Problem:    Error when using "none" for GUI color is confusing.
Solution:   Mention that the name should perhaps be "NONE". (closes vim/vim#1400)

5b9f57262f

Co-authored-by: Bram Moolenaar <Bram@vim.org>
2026-06-21 02:42:07 +00:00
zeertzjq
1724096ae0 vim-patch:9.2.0680: keytrans() doesn't replace '|' and '\' (#40345)
Problem:  keytrans() doesn't replace '|' and '\' (user202729)
Solution: Replace '|' and '\' with "<Bar>" and "<Bslash>" respectively.
          (zeertzjq)

fixes:  vim/vim#20585
closes: vim/vim#20586

47fd183c4e
2026-06-21 08:24:52 +08:00
zeertzjq
dc1393d9c1 vim-patch:9.2.0675: tests: Test_cd_from_non_existing_dir() fails on Solaris
Problem:  tests: Test_cd_from_non_existing_dir() fails on Solaris
Solution: Skip the test on Solaris (Vladimír Marek).

Test_cd_from_non_existing_dir() depends on deleting the current working
directory.  Solaris does not allow that, so skip the test there.

closes: vim/vim#20563

b464c36bf9

Co-authored-by: Vladimír Marek <vlmarek13@gmail.com>
2026-06-19 09:44:42 +08:00
zeertzjq
147872452e vim-patch:9.2.0673: tests: Test_recover_corrupted_swap_file() cannot handle symlinks
Problem:  tests: Test_recover_corrupted_swap_file() cannot handle
          symlinks
Solution: Use writefile(readblob()) instead (Vladimír Marek)

Test_recover_corrupted_swap_file1() copies prebuilt corrupt swap samples
before recovering them.  In an out-of-source-tree build those sample
files may be symlinks into the source tree.  filecopy() preserves
symlinks, so the copied target may remain a symlink.  Recovery opens
swap files with O_NOFOLLOW, so that copied symlink cannot be opened.
Read the sample as a blob and write it back so the recovery target is a
real swap file.

closes: vim/vim#20561

88cbd00312

Co-authored-by: Vladimír Marek <vlmarek13@gmail.com>
2026-06-19 09:43:55 +08:00
zeertzjq
025a3e2baf vim-patch:9.2.0479: [security]: runtime(tar): command injection in tar plugin
Problem:  [security]: runtime(tar): command injection in tar plugin
          (Christopher Lusk)
Solution: Use the correct shellescape(args, 1) form for a :! command

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-2fpv-9ff7-xg5w

3fb5e58fbc

Co-authored-by: Christian Brabandt <cb@256bit.org>
2026-06-19 09:43:55 +08:00