If the call to `qf_setup_state()` in `qf_init_ext()` fails, control flow jumps
to label `qf_init_end` where a call to `qf_update_buffer()` is made with
`old_last` as a function call argument.
Prior to this patch, `old_last` would not yet have been initialized to its
default value of `NULL`, resulting in `qf_update_buffer()` attempting to compare
against its uninitialized value (quickfix.c:3882) then later forwarding it to
`qf_fill_buffer()` where the address is dereferenced and repeatedly read from/
written to for performing core qflist operations.
Depending on what the default value of `old_last` was, the results may range
from a best case scenario of neovim terminating with SIGSEGV from an attempt to
dereference an invalid pointer (quickfix.c:4056) to memory corruption if it
contained some other value that results in `qfp` being initialized from
`old_last->qf_next` (after which it is subsequently written to and read from in
a fairly arbitrary fashion).
Though extremely unlikely, it's possible for there to be security considerations
as a user can ensure that the next call to `qf_setup_state()` fails.
This patch ensures that `old_last` is NULL-assigned before control flow jumps to
`qf_init_end`.
Closes #20639.
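
A simplified model of the control flow this commit message describes, added here as an illustration and not taken from neovim's source. The names (`entry_T`, `list_T`, `init_list`, `update_buffer`, `setup_state`, `last_walked`) are hypothetical stand-ins, and the pre-patch ordering mentioned in the comment is an assumption based on the description above.

```c
#include <stddef.h>

/* Simplified model with hypothetical names; not neovim's quickfix.c. */
typedef struct entry { struct entry *next; int lnum; } entry_T;
typedef struct { entry_T *first, *last; } list_T;

static int walked; /* entries visited by the most recent update_buffer() */

/* Stand-in for the update/fill step: NULL means "refill from the start",
 * any other value is dereferenced to continue after that entry. */
static void update_buffer(const list_T *l, const entry_T *old_last)
{
    const entry_T *p = (old_last == NULL) ? l->first : old_last->next;
    for (walked = 0; p != NULL; p = p->next)
        walked++;
}

/* Stand-in for the setup call; `fail` forces the error path. */
static int setup_state(int fail) { return fail ? -1 : 0; }

int init_list(list_T *l, entry_T *e, int fail_setup)
{
    int ret = -1;
    /* Hardened form: the pointer has its NULL default before any jump to
     * `end`. The pre-patch ordering modelled here is `entry_T *old_last;`
     * with the NULL assignment placed after the setup_state() check, so
     * the error path handed an indeterminate pointer to update_buffer(). */
    entry_T *old_last = NULL;

    if (setup_state(fail_setup) != 0)
        goto end;

    old_last = l->last;            /* remember the tail before appending */
    if (l->last != NULL)
        l->last->next = e;
    else
        l->first = e;
    l->last = e;
    ret = 0;
end:
    update_buffer(l, old_last);    /* runs on success and on failure */
    return ret;
}

int last_walked(void) { return walked; }

int main(void)
{
    entry_T a = { NULL, 1 }, b = { NULL, 2 };  /* constructed sample data */
    list_T l = { &a, &a };
    return init_list(&l, &b, 1) == -1 ? 0 : 1;
}
```

Compiler diagnostics such as clang's `-Wsometimes-uninitialized` or GCC's `-Wmaybe-uninitialized` can flag the pre-patch ordering, where a `goto` reaches a use of the pointer before its first assignment.
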
vim-patch:9.0.0780: 'scroll' value computed in unexpected location
Problem: 'scroll' value computed in unexpected location.
Solution: Compute 'scroll' when the window height is changed. (Luuk van
Baal, closes vim/vim#11387)
a1a46da87d
Made obsolete by now graduated `filetype.lua` (enabled by default).
Note that changes or additions to the filetype detection still need to
be made through a PR to vim/vim as we port the _logic_ as well as tests.
vim-patch:9.0.0771: cannot always tell the difference between tex and rexx files
Problem: Cannot always tell the difference between tex and rexx files.
Solution: Recognize tex by a leading backslash. (Martin Tournoij,
closes vim/vim#11380)
bd053f894b
Problem: Lisp word only recognized when a space follows.
Solution: Also match a word at the end of a line. Rename the test. Use a
compiled function to avoid backslashes.
d26c5805bc
Keep the old Test_lisp_indent().
Problem: Crash when a callback deletes a window that is being used.
Solution: Do not unload a buffer that is being displayed while redrawing the
screen. Also avoid invoking callbacks while redrawing.
(closes vim/vim#2107)
94f01956a5
Omit parse_queued_messages(): N/A.
Cherry-pick a break statement from patch 8.1.0425.
Problem:
Windows console icon is set early in startup, but there are some cases
where `os_exit` is called and we don't restore the original icon.
Solution:
- Move `os_icon_init()` later in the startup sequence, and only if
`use_builtin_ui==true`.
- Rename functions: use `os_` prefix for platform-specific code.
00cfc1d (from #20249) reduced the amount of unnecessary redraws. This
surfaced an issue where if an extmark with a specific ID is
repositioned to a different row, the decorations from the old row were
not redrawn and removed. This change fixes that by redrawing the
old row.
Problem: Quickfix tests can be a bit hard to read.
Solution: Use heredoc instead of strings and line continuation. (Yegappan
Lakshmanan, closes vim/vim#10145)
4a7724a440
Cherry-pick a typo fix from patch 8.2.3637.
Problem: Using freed memory when location list changed in autocmd.
Solution: Return QF_ABORT and handle it. (Yegappan Lakshmanan,
closes vim/vim#10993)
6d24a51b94
Problem: Using freed memory when using 'quickfixtextfunc' recursively.
Solution: Do not allow for recursion.
d6c67629ed
Cherry-pick Test_qflist_statusmsg() from patch 8.2.4617.
Problem: When gvim is started maximized the 'window' option isn't set
properly. (Christian J. Robinson)
Solution: Check if 'windows' was already set or not. (Ken Takata,
closes vim/vim#9904)
6ca883dd8a