Problem: Potential buffer overflow in regdump()
Solution: Add the size to the compiled regular expression and ensure we
don't read over the limit.
Note: this is not a security issue, because regdump() is typically not
compiled in any version of Vim, so should not affect anybody.
supported by AI claude.
9360647715
Co-authored-by: Christian Brabandt <cb@256bit.org>
This avoids false positives from existing uses of `GITHUB_ENV` and
`pull_request_target` that are safe, as well as from cache usage in a
workflow that doesn't produce release artifacts.
Replace all template expansions in code contexts with environment
variable substitutions. Template expansion in code contexts can be a
source of code injection vulnerabilities; for more info, see:
https://docs.zizmor.sh/audits/#template-injection
The default workflow permissions are overly broad; setting permissions
explicitly at the workflow level ensures excessive permissions are not
unintentionally granted to jobs. For details, see:
https://docs.zizmor.sh/audits/#excessive-permissions
Set `persist-credentials: false` for all uses of `actions/checkout`.
This prevents git credentials from being stored on disk, and fixes the
following Zizmor audit:
https://docs.zizmor.sh/audits/#artipacked
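
The three workflow changes described above (environment variables instead of template expansion in code, explicit workflow-level permissions, `persist-credentials: false`) shown side by side. This is an added example, not a workflow from this repository: the workflow name, job, step and the `PR_TITLE` variable are assumptions made for illustration.

```yaml
# Constructed example: a hypothetical lint workflow, not a file from this repo.
# BEFORE: the form the three audits flag.
name: lint
on: pull_request
# No `permissions:` block, so the job token falls back to the default scopes.
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      # Without `persist-credentials: false`, checkout leaves git credentials on disk.
      - uses: actions/checkout@v4
      - name: Check PR title
        # The template is expanded into the script text before the shell
        # parses it, so the PR title becomes part of the code.
        run: |
          echo "Title: ${{ github.event.pull_request.title }}"
---
# AFTER: the same workflow with the three fixes applied.
name: lint
on: pull_request
# Explicit workflow-level permissions: read-only access to repository contents.
permissions:
  contents: read
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Check PR title
        # The template is expanded only in a data context; the script refers
        # to the value through an ordinary shell variable.
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Title: $PR_TITLE"
```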
This improves CI security by ensuring that action dependencies cannot be
changed by upstream repositories without updating the use of the
dependency in this repo.
Official GitHub-maintained actions are excluded from this requirement
and are left pinned by a tag instead of a commit hash. This action
dependency pinning policy is codified in `.github/zizmor.yml` so that
Zizmor (a static analysis tool for GitHub Actions) doesn't flag these as
unpinned dependencies.
Also add cooldown timer for Dependabot. This fixes these two Zizmor
audits:
* https://docs.zizmor.sh/audits/#dependabot-cooldown
* https://docs.zizmor.sh/audits/#unpinned-uses
Problem: :tab accepts a tab address range but doesn't specify this in
the command specification.
Solution: Add EX_RANGE and EX_ZEROR to the command specification and use
ADDR_TABS (Doug Kearns).
As command modifiers are handled separately before these flags are tested
in the ex-command parser they have no effect. However, it's better to
use an accurate description and the command specification table has uses
in other areas like runtime file generation for the Vim filetype.
closes: vim/vim#19100
49b8d9903b
Co-authored-by: Doug Kearns <dougkearns@gmail.com>
Problem: String handling can be improved
Solution: Pass string length where it is known to avoid strlen() calls,
do a few minor refactors (John Marriott).
This commit changes some calls to function `set_vim_var_string()` to pass
the string length where it is known or can be easily calculated.
In addition:
In `evalvars.c`:
* In function `set_reg_var()` turn variable `regname` into a C string
because that is how it is used.
* Small cosmetics.
In `option.c`:
* Slightly refactor function `apply_optionset_autocmd()` to move some
variables closer to where they are used.
In `getchar.c`:
* Slightly refactor function `do_key_input_pre()`:
-> change call to `dict_add_string()` to `dict_add_string_len()` and
pass it the length of `buf`.
-> only call `get_vim_var_string()` once.
In `message.c`:
* Use a `string_T` to store local variable `p`.
In `normal.c`:
* Move some variables closer to where they are used.
closes: vim/vim#19618
727f6e2686
Co-authored-by: John Marriott <basilisk@internode.on.net>
Problem: vim.ui_attach() is unable to display streamed shell output,
and will display it as individual messages.
Unwanted newlines in "shell_ret" message.
Solution: Treat the "shell_*" kinds as non-fast and set msg_show->append
for the streamed stdout/err messages.
Remove leading newline from (translated) message with
ext_messages, remove trailing newline altogether.
Problem:
There is an inconsistency between extmarks/highlights regarding the
`end_col` param.
Solution:
Allow end_col=-1 to mean "end of line" (if strict=false).
Co-authored-by: Justin M. Keyes <justinkz@gmail.com>
Problem:
After #37722 splice optimization for :packadd, nvim crashes with SIGSEGV
on startup while running `runtime! lua/xxx/*` and sourced file executes
multiple `:packadd`.
Solution:
While `do_in_cached_path` is executing, it doesn't expect reference to
runtime_search_path changes. But when callback is called, and
add_pack_dir_to_rtp does 'splice' it may trigger realloc, and change
address. Check runtime_search_path_ref to prevent ref held by
do_in_cached_path changes.
Problem: Documentation of `vim.pack.update()` contains a lot of text
inside nested list. This might be a bit confusing to parse for humans
and definitely confusing to parse for neovim.io.
The description of `vim.pack` directory is not correct for Windows.
Solution: Move description of confirmation buffer in a separate
"subsection".
Use '"data" standard path' instead of '$XDG_DATA_HOME/nvim' when
documenting directory. Also use `|standard-path|` tag to link to
standard path section instead of `|stdpath()|`.
vim-patch:9.2.0062: Using the wrong field with DAP channel mode
vim-patch:9.2.0064: popup: opacity feature causes flickering
vim-patch:9.2.0071: Vim9: lambda function deleted on re-sourcing
vim-patch:9.2.0082: Patch v9.2.0052 was wrong
vim-patch:9.2.0084: Vim9: isn_get_calltype() can be improved
vim-patch:a6550d571 translation: regenerate po/vim.pot after v9.2.0083
vim-patch:9.2.0086: Coverity complains that ScreenLines can be NULL
vim-patch:9.2.0087: popup: redrawing can be improved when moving popups
vim-patch:5a4291d34 runtime(osc52): Omit paste from the osc52 provider when g:osc52_disable_paste is enabled
vim-patch:93cb5e544 translation: regenerate po/vim.pot after v9.2.0088
vim-patch:9166f1c09 translation: regenerate po/vim.pot after v9.2.0093
vim-patch:f7a568ebe runtime(syntax-tests): regenerate dump files (after v9.2.0093)
vim-patch:22c62e269 runtime(syntax-tests): regenerate dump files (after v9.2.0110)
vim-patch:bd77d327d runtime(doc): remove thoughts of generics for a function
vim-patch:9.2.0114: MS-Windows: terminal output may go to wrong terminal
vim-patch:49b81793f runtime(docs): Update CONTRIBUTING.md and mention #vim on libera
vim-patch:9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
Co-authored-by: marvim <marvim@users.noreply.github.com>
Problem: CompleteDone fires with reason="discard" even when the candidate
text was inserted and left in the buffer, because reason was determined
solely by the terminating keycode (Ctrl-Y).
Solution: Check compl_used_match to detect whether inserted
text remains in the buffer, and set reason="accept" accordingly.
Problem: nvim_win_set_config may raise unnecessary errors when not moving a
split.
Solution: skip checks related to moving when only maybe resizing a split.
Problem: No explicit redraw after setting style=minimal in nvim_open_win or
nvim_win_set_config, which may cause it to appear like it's not set.
Solution: call changed_window_setting after applying the style, which should be
enough for these options.
vim-patch:9.2.0124: auto-format may swallow white space
Problem: With auto paragraph formatting enabled, when a user makes an
attempt to add a new word before the end of a line and with
the following space bringing the line width over 'textwidth',
the space ends up just getting swallowed by the editor.
Solution: Detect such a constellation and do not auto-format in that
case (Daniel Müller).
closes: vim/vim#19593
24fd698045
Problem: tests: test_textformat.vim leaves swapfiles behind
Solution: Close open buffer using :bw! instead of :close!
271f4fe47b
N/A patches:
vim-patch:9.2.0122: Vim still supports compiling on NeXTSTEP
vim-patch:bab7619: runtime(doc): Update intro.txt about Neovim
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: tests: test_normal fails
Solution: Ensure the terminal width is 40 columns and also
check for existence of the tr.mo file
closes: vim/vim#19608
123a1e6410
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: tests: Turkish locale tests fail on Mac
(after v9.1.1480)
Solution: skip the test Test_pos_percentage_in_turkish_locale() on Mac
223189389a
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: nvim_win_set_config may merge configs despite failing to configure a
split, and without applying necessary side-effects (like setting style=minimal
options). Plus, autocommands may apply a different config after the merge,
causing side-effects to apply for an outdated config.
Solution: merge configs last, only on success. Include fields only relevant to
splits. Properly set _cmdline_offset for splits.
Maybe better to disallow _cmdline_offset for splits instead, as the pum is
relative to cmdline_row anyway? (I didn't want to change behaviour too much)
Also use expect_unchanged in an unrelated test to quash a warning.
Problem: nvim_win_set_config with style="minimal" does not take immediate effect
when a split is not moved.
Solution: don't skip nvim_win_set_config's epilogue when only a resize may be
needed. De-duplicate resize logic and remove unnecessary redraw. (win_set*_win
already handles that)
- Support all GNU address extensions.
- Fix some bugs related to erroneous matching of pattern delimiters in
bracket expressions.
closes: vim/vim#19587
e948fea640
Co-authored-by: Doug Kearns <dougkearns@gmail.com>
Similar to #38154, shell-test also has the same problem on FreeBSD:
FAILED 1 test, listed below:
FAILED test/functional/terminal/ex_terminal_spec.lua @ 237: :terminal (with fake shell) executes a given command through the shell
test/functional/terminal/ex_terminal_spec.lua:239: Row 1 did not match.
Expected:
|*^ready $ echo hi |
|* |
|*[Process exited 0] |
| |
Actual:
|*^ |
|*[Process exited 0] |
|* |
| |
To print the expect() call that would assert the current screen state, use
screen:snapshot_util(). In case of non-deterministic failures, use
screen:redraw_debug() to show all intermediate screen states.
Snapshot:
screen:expect([[
^ |
[Process exited 0] |
|*2
]])
stack traceback:
test/functional/ui/screen.lua:909: in function '_wait'
test/functional/ui/screen.lua:537: in function 'expect'
test/functional/terminal/ex_terminal_spec.lua:239: in function <test/functional/terminal/ex_terminal_spec.lua:237>
Running the test repeatedly somehow doesn't trigger the problem, but as
mentioned in #36792 a similar problem has also happened previously.
Problem: Expanded cmdline is left open after entering the cmdline again
without entering a command that emits another message (after 301c7065).
Solution: Wait for msg_show to reinstate the vim.on_key() handler.
If there was no message close the expanded cmdline.
Problem: Prompts and message text (in block mode) in the cmdline are
parsed and highlighted as if it is Vimscript.
Entering the cmdline while it is expanded can work more like
it does with UI1, where the press enter prompt is replaced
and previous messages stay on the message grid, while
subsequent messages are placed below it.
Solution: Highlight manually with string parser on lines starting with ':'.
Spoof cmdline block mode when the cmdline is entered while it
is expanded.
Problem:
helptag.html is used to search for the online help documentation of a
specified tag. The previous URL was `/doc/user/helptag.html` but that
switched to `/doc/user/helptag/` in
https://github.com/neovim/neovim.github.io/pull/437. The alias of the
.html page was added to all other doc pages but forgotten for the
helptag.html page
Solution:
Add the alias to the helptag.html page too
Problem: Previous tests for this relied on other events opening the
targets, which are not guaranteed to happen.
Solution: Open target windows when entering a new tabpage.