Problem:
libmpack encodes boundary values -129 and -32769 with wrong integer
sizes:
- -129 as int8 instead of int16
- -32769 as int16 instead of int32
because the boundary checks compare against the wrong values (e.g., lo
< 0xffffff7f instead of lo < 0xffffff80). This caused data corruption:
-129 would decode as 127.
Solution:
Fix off-by-one errors in the two's complement boundary constants:
0xffffff80 (-128, min int8) and 0xffff8000 (-32768, min int16).
Fixes#37202
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Problem:
Applications running inside :terminal that use DEC private mode 2026
(synchronized output) to batch screen updates get garbled rendering.
Neovim's embedded libvterm does not handle mode 2026, so the
synchronization sequences are ignored and intermediate screen states
leak through as visual corruption.
Solution:
Add mode 2026 support to libvterm's state machine and wire it through
to terminal.c. When an application enables mode 2026, invalidation of
the terminal buffer is deferred until the application disables it,
causing all accumulated screen updates to flush as a single
atomic refresh.
* fix(terminal): harden sync output redraw gating
Problem:
The initial mode 2026 implementation gated invalidate_terminal()
but missed three other redraw paths: term_sb_push/term_sb_pop
bypassed the gate by directly adding to invalidated_terminals,
refresh_timer_cb could fire mid-sync flushing partial state, and
the 10ms timer delay after sync-end left a window for stale
repaints.
Solution:
- Gate term_sb_push/term_sb_pop during synchronized output
- Skip syncing terminals in refresh_timer_cb
- On sync end, schedule a zero-delay full-screen refresh via
sync_flush_pending flag in terminal_receive()
- Add news.txt entry for mode 2026 support
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test(terminal): add vterm unit tests for mode 2026
Add unit-level tests for synchronized output (mode 2026) to
vterm_spec.lua, covering settermprop callbacks and DECRQM
query/response.
Suggested-by: justinmk
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(terminal): address review feedback for mode 2026
- Use multiqueue_put(main_loop.events) instead of restarting the
global refresh timer on sync end, to avoid affecting other
invalidated terminals.
- Add screen:expect_unchanged() to verify screen doesn't update
during sync mode.
- Merge buffer-lines test into existing test.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Problem: A stack-buffer-overflow occurs when rendering a statusline
with a multi-byte fill character on a very wide terminal.
The size check in build_stl_str_hl() uses the cell width
rather than the byte length, allowing the subsequent fill
loop to write beyond the 4096-byte MAXPATHL buffer
(ehdgks0627, un3xploitable).
Solution: Update the size check to account for the byte length of
the fill character (using MB_CHAR2LEN).
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf4e5b9e31cb
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem:
libvterm doesn't support parsing the dim and overline attributes, so when a program running in the embedded terminal emits one of these escape codes, we ignore it and don't surface it to the outer terminal.
Solution: tweak libvterm to add support for both attributes.
fix#37867
This bug happens when only one end is moved between different nodes,
but the other end is also moved but within the same node.
When this happens we need the correct previous position even for the
internal move. This code shall be refactored to make the intent clearer,
(and avoid some unnecessary processing) but this is a fix for the observable
bug.
Thanks to KevinGoodsell for providing a deterministic
reproduce using fuzzing techniques.
Problem:
stack->offset value is used as an array index.
Solution:
Instead of comparing the stack->offset value to the size in bytes of the array,
compare the actual length of the array.
Problem: Vim9: outdated TODO items, disabled tests that work.
Solution: Remove TODO items, run tests that work now. Check that a dict
item isn't locked.
71b7685092
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem:
Recombining composing chars in terminal doesn't work at right edge.
Solution:
Check for the case where printing the previous char didn't advance the
cursor. Reset at_phantom when returning to combine_pos.
Problem: nvim_parse_expression null pointer dereference with unmatched ]
followed by a node.
Solution: if ast_stack was empty, set new_top_node_p to top of the stack after
pushing the list literal node; similar to what's done for curlies.
This bug was originally found by a Matrix user, but I couldn't remember how to
trigger it... Ran into the other crash while finding a repro. :P
Problem:
On macOS Tahoe, `make unittest` started failing with the following error.
````
test/unit/testutil.lua:784: test/unit/testutil.lua:768: (string) '
test/unit/testutil.lua:295: declaration specifier expected near 'ipc_info_object_type_t' at line 2297'
exit code: 256
stack traceback:
test/unit/testutil.lua:784: in function 'itp_parent'
test/unit/testutil.lua:822: in function <test/unit/testutil.lua:812>
````
Solution:
Update filter_complex_blocks.
Problem:
Nvim does not recognize URI scheme with numeric characters. While rare, there
are URIs that contain numbers (e.g. [ed2k://](https://en.wikipedia.org/wiki/Ed2k_URI_scheme))
and characters like `+` (e.g. `svn+ssh`). I use it in
[distant.nvim](https://github.com/chipsenkbeil/distant.nvim) to support
multiple, distinct connections using `distant+1234://` as the scheme.
Otherwise, if you open a file with the same name & path on two different
machines from the same Nvim instance, their buffer names will conflict
when just using `distant://`.
Solution:
Adds full support for detecting URI scheme per
[RFC3986](https://www.rfc-editor.org/rfc/rfc3986#section-3.1)
problem: termkey/driver-ti.c had its internal dependency upon unibilium
which would completely skip builtin terminfo defs.
solution: add termkey info to TerminfoEntry struct
NOTE: this disables a lot of named function keys which are present as
terminfo "keys" both are mostly unset in terminfo entries for modern
terminals, and also not recognized by nvim as mappable keys
anyway, except a few ones like `<undo>` which this still will keep.
We probably don't want to encode up to F63 keys forever. While only 12
physical keys are available on modern keybords, instead Chords using
F-keys are usually encoded as high key numbers, like <C-S-F3>
becoming <F39> . But reconsideirg that has implications for configuration
that is best done as a separate (breaking) change.
Before functional/testnvim.lua was moved from functional/testutil.lua in
052498ed42, it was explicitly preloaded,
but now it is preloaded implicitly via functional/ui/screen.lua.
Also fix warnings about unused variables in other preload.lua files.
As noted in #34908, the arm unittests fail due to unrecognized types:
ERROR test/unit/testutil.lua @ 802: Expressions parser works with &opt
test/unit/testutil.lua:774: test/unit/testutil.lua:758: (string) '
test/unit/testutil.lua:288: declaration specifier expected near '__SVFloat32_t''
exit code: 256
After testing on Debian's arm64 porterbox, the unittests cleanly pass
when ignoring various types defined in
/usr/include/aarch64-linux-gnu/bits/math-vector.h
These are not needed after #35129 but making uncrustify still play nice
with them was a bit tricky.
Unfortunately `uncrustify --update-config-with-doc` breaks strings
with backslashes. This issue has been reported upstream,
and in the meanwhile auto-update on every single run has been disabled.
Problem: Functions used in one file are global.
Solution: Add "static". (Yegappan Lakshmanan, closesvim/vim#4840)
5843f5f37b
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Many terminals now include support for OSC 52 in their Primary Device
Attributes (DA1) response. This is preferable to using XTGETTCAP because
DA1 is _much_ more broadly supported.
Copy whatever was made to work for generated headers:
(1) we need to consider all cmake targets not just main_lib
(2) we need to add the sysroot for macOS
The old implementation of repeated_read_cmd would attempt to run the
command multiple times to handle racyness of async output. Code
like this should not be written. Instead, use the libuv event
loop to read until the process has exited and the pipe has been closed.
This causes some previous discarded errors to be propagated. Fix these
as well.
Problem:
vim.uv.os_setenv gets "stuck" per-key. #32550
Caused by the internal `envmap` cache. #7920
:echo $FOO <-- prints nothing
:lua vim.uv.os_setenv("FOO", "bar")
:echo $FOO <-- prints bar (as expected)
:lua vim.uv.os_setenv("FOO", "fizz")
:echo $FOO <-- prints bar, still (not expected. Should be "fizz")
:lua vim.uv.os_unsetenv("FOO")
:echo $FOO <-- prints bar, still (not expected. Should be nothing)
:lua vim.uv.os_setenv("FOO", "buzz")
:echo $FOO <-- prints bar, still (not expected. Should be "buzz")
Solution:
- Remove the `envmap` cache.
- Callers to `os_getenv` must free the result.
- Update all call-sites.
- Introduce `os_getenv_noalloc`.
- Extend `os_env_exists()` the `nonempty` parameter.
Same idea as a7be4b7bf8, but that only showed the context if the
length of the string differed. Since these tests check both string
length and string content, the ctx should be provided for both.
ERROR test/unit/testutil.lua @ 797: vim_snprintf() positional arguments
test/unit/testutil.lua:769: test/unit/testutil.lua:753: (string) '
test/unit/strings_spec.lua:159: snprintf(buf, 4, "%1$0.*2$b", 12ULL, cdata<int>: 0xf78c8ed8) = 001100
Expected objects to be the same.
Passed in:
(string) '000'
Expected:
(string) '001''
Problem: On 32-bit architectures, musl libc makes heavy use of
__typeof__ as part of its __REDIR macro for optional backwards
compatibility with 32-bit time_t values. Unfortunately, the
__typeof__ keyword is not supported by the LuaJIT C parser.
Solution: Filter out the keyword in filter_complex_blocks.
Problem: This keyword is used by GCC and Clang to prevent -Wpedantic
(and other options) from emitting warnings for many GNU C extensions.
This is used heavily in Alpine Linux through musl libc and
foritfy-headers. Without filtering the __extension__ keyword some type
definitions are duplicated. For example, timeval is defined once as
struct timeval { time_t tv_sec; suseconds_t tv_usec; };
and once as:
__extension__ struct timeval { time_t tv_sec; suseconds_t tv_usec; };
Without this patch, the LuaJIT C parser doesn't recognize that these
definitions are equivalent, causing unit test to fail on Alpine Linux.
Solution: Filter out the keyword in filter_complex_blocks.
Since these assertions all use a common function to perform the test
assertions, it's difficult to figure out which test failed:
ERROR test/unit/testutil.lua @ 785: vim_snprintf() positional arguments
test/unit/testutil.lua:757: test/unit/testutil.lua:741: (string) '
test/unit/strings_spec.lua:143: Expected objects to be the same.
Passed in:
(number) 6400
Expected:
(number) 6'
exit code: 256
Adding context to the assertion makes it clearer what the problem is:
ERROR test/unit/testutil.lua @ 785: vim_snprintf() positional arguments
test/unit/testutil.lua:757: test/unit/testutil.lua:741: (string) '
test/unit/strings_spec.lua:149: snprintf(buf, 0, "%1$0.*2$b", cdata<unsigned int>: 0xf78d0f38, cdata<int>: 0xf78dc4e0) = 001100
Expected objects to be the same.
Passed in:
(number) 6400
Expected:
(number) 6'
exit code: 256
This commit adds basic support for the kitty keyboard protocol to
Neovim's builtin terminal. For now only the first mode ("Disambiguate
escape codes") is supported.
Problem:
Whether an option is allowed to be empty isn't well defined and
isn't properly checked.
Solution:
- For non-list string options, explicitly check the option value
if it is empty.
- Annotate non-list string options that can accept an empty value.
- Adjust command completion to ignore the empty value.
- Render values in Lua meta files
It's probably not worth adding the C test files to regular formatting as
they're pretty much never touched, but ensuring the files are formatted
according to our standards and getting rid of warnings is a cheap
one-time fix.
