Problem:
If NVIM_LOG_FILE, or the default fallback, is inaccessible (e.g.
directory is owned by root), users get confused.
Solution:
Show a warning when $NVIM_LOG_FILE or $XDG_STATE_HOME are inaccessible.
Also fix a latent memory leak: `os_mkdir_recurse` returns a uv error
code (int), but it was stored as `bool`, causing `os_strerror` to
receive an invalid error code and leak memory.
See: https://docs.libuv.org/en/v1.x/errors.html#c.uv_strerror
Co-authored-by: Sean Dewar <6256228+seandewar@users.noreply.github.com>
Co-authored-by: Justin M. Keyes <justinkz@gmail.com>
Problem: Reading large files is slow because UTF-8 validation and
newline scanning are performed byte-by-byte. Initial file
loading also triggers listener and channel processing.
Solution: Use memchr() for SIMD-optimized newline scanning, implement
word-at-a-time ASCII skipping during UTF-8 validation using a
bitmask, skip listener/netbeans/channel notifications
when the ML_APPEND_NEW flag is set during readfile()
(Yasuhiro Matsumoto).
closes: vim/vim#196122ca96b09d7
Co-authored-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Co-authored-by: NRK <nrk@disroot.org>
- Improve the performance of all pythonNumber patterns by unrolling
digit/underscore sequence loops.
- Split the float literal pattern into two simpler patterns.
fixes: vim/vim#19625 (Reported by James McCoy)
closes: vim/vim#196302cf18fcc24
Co-authored-by: Doug Kearns <dougkearns@gmail.com>
- remove `set isk+=-` to highlight `-=` operator correctly
- implement highlighting of GID
- fix highlight of hostname and add special value ALL
- fix highlight of IP address
- update include and includedir patterns
- remove duplicate syntax rules
- add missing options
- fix highlight of parameter assignment (limit operators to list
parameters)
- fix highlight of string and list parameters with trailing whitespaces
- implement highlight of permission (octal)
- implement highlight of floating point numbers
- implement highlight of timeout-specific options
- support highlight of negatable options (integer, mode, float, timeout,
string)
- allow sudoersListParameter to be negated
- fix highlight of comma-separated parameter list used as boolean
- fix highlight of parameter negation (prevent highlighting ill-formed `! !`)
- fix highlight of Tag_Spec
- allow empty Runas spec: `()` and `(:)`
- fix highlight of comma-concatenated commands, hosts, and users
- check word boundaries for special value ALL
- implement highlight of Option_Spec
- fix highlight in User_Spec (specifically for Host position)
- fix highlight of `Default!` command
- support highlight of digests (sha224, etc.)
- add syntax test and update header
closes: vim/vim#196348f2cd47404
Co-authored-by: Eisuke Kawashima <e-kwsm@users.noreply.github.com>
Problem: Using a composing character as the end of a range inside a
collection may corrupt the NFA postfix stack
(Nathan Mills, after v9.1.0011)
Solution: When a character is used as the endpoint of a range, do not emit
its composing characters separately. Range handling only uses
the base codepoint.
supported by AI
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-9phh-423r-778r36d6e87542
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem:
When stopping a PTY process on Windows, the exit code indicates that the
process is stopped by SIGTERM even when closing all streams is enough to
terminate the process. This is inconsistent with other platforms.
Solution:
Set exit_signal to SIGHUP instead of SIGTERM when using SIGHUP.
Problem:
Cross-compilation issues encountered when building Neovim for WASM.
When cross-compiling, three issues occur:
1. `-Wl,--no-undefined` — not supported by `wasm-ld`
2. `-lutil` — not available in the Emscripten sysroot
3. Doc generation fails because CMake tries to execute `$<TARGET_FILE:nvim_bin>` on the host machine, which fails because the binary is not native to the host. It fails with `/bin/sh: nvim.js: Permission denied`
Solution:
The fix includes skipping `-Wl,--no-undefined` and `-lutil` with `NOT CMAKE_CROSSCOMPILING` and adding `NVIM_HOST_PRG` variable to `runtime/CMakeLists.txt` so when cross-compiling, it uses a host native nvim binary for doc generation instead of using the cross-compiled target.
Problem:
In aec3d7915c Vim changed prompt-buffers
to respect 'modified' so the termdebug plugin can "control closing the
window". But for most use-cases (REPL, shell, AI "chat", …),
prompt-buffers are in practice always "modified", and no way to "save"
them, so *implicitly* setting 'modified' is noisy and annoying.
Solution:
Don't implicitly set 'modified' when a prompt-buffer is updated.
Plugins/users can still explicitly set 'modified', which will then
trigger the "E37: No write since last change" warning.
Problem: :terminal CWD restoration test may lead to an error log if
after_each() runs before the PTY process calls chdir().
Solution: Wait for some time before wiping the buffer, which can also
prevent SIGHUP being sent to the parent.
Problem: When reconfiguring a float reallocates the grid before the old
area is cleared, artifacts are left on the screen.
Solution: Use the last known compositor dimensions of a grid when
clearing the area covered by the old position.
Co-authored-by: glepnir <glephunter@gmail.com>
Problem:
No completionItem/resolve handler.
Solution:
If completeopt=popup is set, invoke completionItem/resolve when
a completion item is selected. Show resolved documentation in popup next
to the completion menu.
Problem: Since the "[Process exited]" msg is no longer part of buffer
contents, `jobstart`'s reuse of unmodified finished terminal buffers
does not clear the msg.
Solution: Delete the extmark if `term` is already closed.
Problem:
Exit code in :terminal channel test depends on whether the shell or Nvim
TUI in the terminal has registered its SIGHUP handler when jobstop() is
called.
Solution:
Don't use a shell as shells on different systems may handle SIGHUP
differently. Add a screen:expect() to wait for the TUI to start.
Problem: tests: Test_recover_corrupted_swap_file1 fails on big-ending
systems (after v9.2.0077)
Solution: Skip the test on big-endian systems (James McCoy)
The POC files were generated on 64-bit little-endian systems and
therefore are not portable to any other system type.
Extract the 64-bit / endianness detection from
Test_recover_corrupted_swap_file() into a SetUp() function and use that
data to determine if the test should be run.
closes: vim/vim#19620ff16ebdb08
Co-authored-by: James McCoy <jamessan@debian.org>
Problem: update_window_hl dereferenced the pmap_get result without a
NULL check. Also `tmp` had the wrong type and attr_id==0 was rejected
twice.
Solution: check the pointer before dereferencing, change `tmp` to
bool, and update the attr_id check to `< 0`.
Problem:
Under certain circumstances (e.g. gzipped manpages with mandoc),
:Man will not find the correct page because it does not process
multiple extensions correctly.
For example, with a file named strcpy.3p.gz, it will only check the .gz
part to try to check the section.
This leads to some pages being inaccessible because it will return the
page from the wrong section.
Solution:
Loop and try multiple extensions to try to find one which matches
the name of the section.
Also refactor the man.get_path function so that it can be tested.
Add workflow that runs Zizmor, a static analysis tool for GitHub
Actions. This will automatically flag various common security issues
with CI workflows.
Problem: Exception error message only prints the first chunk of a
multi-chunk nvim_echo() message.
Solution: Concatenate consecutive message chunks in the exception
message list.
Problem:
When a terminal process exits, "[Process Exited]" text is added
to the buffer contents.
Solution:
- Return `exitcode` field from `nvim_get_chan_info`.
- Show it in the default 'statusline'.
- Show exitcode as virtual text in the terminal buffer.
Problem
The logic that clears codelenses beyond the buffer also removes the codelenses on the last line.
Solution
Do not clear the codelens on the last line.
Problem:
Cursor style is not set to default when guicursor is disabled. See
return early when guicursor is disabled (rather than resetting the
cursor style to terminal default).
Solution:
Send the appropriate DECSCUSR sequence to reset the cursor style when
guicursor is disabled.
Note that this does not fix#23122. The CSI sequence sent out depends on
the terminal in question. Ideally, it would would send `\x1b[0 q` to
reset the cursor style; the behavior of this sequence depends on the
terminal and configuration in question. See [Ghostty
docs](https://ghostty.org/docs/vt/csi/decscusr) for more details.
In practice, it sends out `\x1b[2 q` (steady block) for Ghostty, which
seems to be coming from the Unibilium database. I'm not sure what it may
send out for other terminals, but it doesn't exactly reset to the
default style.
Problem: Potential buffer overflow in regdump()
Solution: Add the size to the compiled regular expression and ensure we
don't read over the limit.
Note: this is not a security issue, because regdump() is typically not
compiled in any version of Vim, so should not affect anybody.
supported by AI claude.
9360647715
Co-authored-by: Christian Brabandt <cb@256bit.org>
This avoids false positives from existing uses of `GITHUB_ENV` and
`pull_request_target` that are safe, as well as from cache usage in a
workflow that doesn't produce release artifacts.
Replace all template expansions in code contexts with environment
variable substitutions. Template expansion in code contexts can be a
source of code injection vulnerabilities; for more info, see:
https://docs.zizmor.sh/audits/#template-injection
The default workflow permissions are overly broad; setting permissions
explicitly at the workflow level ensures excessive permissions are not
unintentionally granted to jobs. For details, see:
https://docs.zizmor.sh/audits/#excessive-permissions
Set `persist-credentials: false` for all uses of `actions/checkout`.
This prevents git credentials from being stored on disk, and fixes the
following Zizmor audit:
https://docs.zizmor.sh/audits/#artipacked
This improves CI security by ensuring that action dependencies cannot be
changed by upstream repositories without updating the use of the
dependency in this repo.
Official GitHub-maintained actions are excluded from this requirement
and are left pinned by a tag instead of a commit hash. This action
dependency pinning policy is codified in `.github/zizmor.yml` so that
Zizmor (a static analysis tool for GitHub Actions) doesn't flag these as
unpinned dependencies.
Also add cooldown timer for Dependabot. This fixes these two Zizmor
audits:
* https://docs.zizmor.sh/audits/#dependabot-cooldown
* https://docs.zizmor.sh/audits/#unpinned-uses
Problem: :tab accepts a tab address range but doesn't specify this in
the command specification.
Solution: Add EX_RANGE and EX_ZEROR to the command specification and use
ADDR_TABS (Doug Kearns).
As command modifers are handled separately before these flags are tested
in the ex-command parser they have no effect. However, it's better to
use an accurate description and the command specification table has uses
in other areas like runtime file generation for the Vim filetype.
closes: vim/vim#1910049b8d9903b
Co-authored-by: Doug Kearns <dougkearns@gmail.com>
Problem: String handling can be improved
Solution: Pass string length where it is known to avoid strlen() calls,
do a few minor refactors (John Marriott).
This commit changes some calls to function `set_vim_var_string()` to pass
the string length where it is known or can be easily calculated.
In addition:
In `evalvars.c`:
* In function `set_reg_var()` turn variable `regname` into a C string
because that is how it used.
* Small cosmetics.
In `option.c`:
* Slightly refactor function `apply_optionset_autocmd()` to move some
variables closer to where they are used.
In `getchar.c`:
* Slightly refactor function `do_key_input_pre()`:
-> change call to `dict_add_string()` to `dict_add_string_len()` and
pass it the length of `buf`.
-> only call `get_vim_var_string()` once.
In `message.c`:
* Use a `string_T` to store local variable `p`.
In `normal.c`:
* Move some variables closer to where they are used.
closes: vim/vim#19618727f6e2686
Co-authored-by: John Marriott <basilisk@internode.on.net>
Problem: vim.ui_attach() is unable to display streamed shell output,
and will display it as individual messages.
Unwanted newlines in "shell_ret" message.
Solution: Treat the "shell_*" kinds as non-fast and set msg_show->append
for the streamed stdout/err messages.
Remove leading newline from (translated) message with
ext_messages, remove trailing newline altogether.
Problem:
There is an inconsistency between extmarks/highlights regarding the
`end_col` param.
Solution:
Allow end_col=-1 to mean "end of line" (if strict=false).
Co-authored-by: Justin M. Keyes <justinkz@gmail.com>
