Problem:
- Builtin "Vimscript" functions (f_xx) are mostly implemented in C.
Partly that's because there is some boilerplate required to call out
to Lua.
- Calls to `vim.fn.foo()` always marshall over the Lua <=> Vimscript
("typval") bridge, even if `fn.foo()` is implemented entirely in Lua:
```
Lua => typval => Object => Lua => Object => typval => Lua.
```
Solution:
Functions declared in eval.lua with `func_lua` are implemented in
entirely in Lua (`_core/vimfn.lua`).
- `gen_eval.lua` wires `func_lua` entries to `lua_wrapper`, which handles
the typval conversion for Vimscript callers (slow path).
- `nlua_call()` detects `func_lua` functions and calls the Lua
implementation directly. This eliminates all conversion overhead for
Lua callers (fast path).
- Validate at build-time that `func`, `func_float`, and `func_lua` are
mutually exclusive.
- Migrate `hostname()` as a toy example, to show the idea.
Problem: Documentation based on patches is outdated.
Solution: Add changes to documentation in a patch.
853886722c
Trailing space was removed in later patches.
Also fix a few more misplaced error numbers from #8155.
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem:
- Choosing a new EXX error code is tedious.
- It's possible to accidentally use an EXX error code for different
purposes.
Solution:
Add a lint check which requires EXX error codes to have a :help tag.
This also avoids duplicates because `make doc` does `:helptags ++t doc`
which fails if duplicates are found.
Problem:
Naming conventions are not automatically checked.
Solution:
Add a check to the doc generator. Eventually we should extract this
somehow, but that will require refactoring the doc generator...
Note: this also checks non-public functions, basically anything that
passes through `gen_eval_files.lua` and `gen_vimdoc.lua`. And that's
a good thing.
Problem: When closing floating windows to close a tabpage, if the current
buffer will unload, buffers contained in those floating windows
will too (unexpectedly).
Solution: Don't pass along "free_buf" argument; check 'bufhidden' for
the buffer in the to be closed float.
Problem:
Several zh_CN translations were marked fuzzy with wrong or placeholder msgstr.
Solution:
Fix fuzzy entries, preserve format specifiers, use full-width punctuation.
Problem: Treesitter highlighting regressed on 32-bit builds because ranges that should cover the whole buffer were corrupted when passed into Lua.
Solution: Round-trip those range values through Lua and validate them so treesitter sees the same ranges on 32 and 64-bit builds.
Problem: repeat_string() can be improved
Solution: Replace the for() loop by an exponential growing while loop
(Yasuhiro Matsumoto)
closes: vim/vim#19977bfa46a52f6
Cherry-pick f_repeat() refactor from patch 9.1.1232.
Co-authored-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
continues d0af4cd909.
This commit renames positional parameters. This is only "cosmetic", but
is intended to make it extra clear which name is preferred, since people
often copy existing code despite the guidelines in `:help dev-naming`.
In 3a4a66017b, 4d3a67cd62, df8d98173c we renamed "buffer" to "buf"
in dict parameters and return-values.
This commit renames positional parameters. This is only "cosmetic", but
is intended to make it extra clear which name is preferred, since people
often copy existing code despite the guidelines in `:help dev-naming`.
Problem: Wrong cursor position when entering command line window
Solution: Add check_cursor() command to verify the cursor position
(Hirohito Higashi).
When opening the command-line window with CTRL-F after typing a command
that fills the screen width, the cursor was placed past the end of the
line. Add check_cursor() after setting State to MODE_NORMAL so the
cursor is adjusted to the last character.
Also fix the cmdwin prefix character (e.g. ':') being drawn on wrapped
continuation rows. Draw an empty space instead so that the text
alignment is preserved.
closes: vim/vim#19964c4fe1e958a
Cherry-pick Test_wildmenu_pum() changes from patch 9.1.1995.
Co-authored-by: Hirohito Higashi <h.east.727@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Problem: potential buffer underrun when settings statusline like option
(q1uf3ng)
Solution: Validate that p > out before accessing p[-1]
closes: vim/vim#1996191b402f575
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem: Wrong autoformatting with 'autocomplete'.
Solution: Don't trigger autoformatting when ending autocompletion
without selecting an item (zeertzjq).
fixes: vim/vim#19954closes: vim/vim#19970efbd482116
Problem:
`gf` and `<cfile>` treat `file:/absolute/path` as a literal path and
open `file:/...` instead of the local file.
Solution:
Strip the local `file:` prefix before path resolution in the hyperlink
path code.
Problem: The cursor shape is changed to indicate when it is behind an
unfocused floating window (since a2b92a5e). This behavior
cannot be controlled by a floating window that doesn't want
to dim the cursor.
Solution: Assign a zindex-offset of 50 to the zindex of the current
window. To not dim the cursor when creating a floating window
on top of the current window one can assign the zindex
accordingly.
Problem:
clang-analyzer-security.PointerSub reports "Subtraction of two pointers
that do not point into the same array is undefined behavior" in the
HIKEY2SFT macro. Computing the offset of a flexible array member by
subtracting pointers from a dummy static object, is technically UB.
Solution:
Use standard `offsetof()` instead.
Co-Authored-By: Claude
Problem: clang 21 added core.FixedAddressDereference, which reports
"dereference of a fixed address (loaded from variable 'r')" in regexp.c
after xmalloc(). The analyzer doesn't model xmalloc as always returning
a valid heap pointer (it aborts on failure), so it constructs impossible
paths.
Solution: Suppress globally in the clang-analyzer cmake target.
Co-Authored-By: Claude
Problem:
clang 21 promoted alpha.security.ArrayBoundV2 to security.ArrayBound
(stable). This new check reports false-positive "out of bound access"
errors in drawline.c and vimscript.c, where the analyzer constructs
impossible paths (e.g. concealed line with draw_text=false yet ptr
advanced past the NUL terminator, or root AST node with a "next"
sibling).
Per-line NOLINT suppression doesn't work because the analyzer finds
multiple paths to the same false positive.
Solution:
Disable clang-analyzer-security.ArrayBound globally in the
clang-analyzer cmake target until the check matures.
Co-Authored-By: Claude
Problem: Attempting to emit cmdline_block event with NULL cmdbuff after
<C-\><C-N> in Ex-mode.
Solution: Don't emit cmdline_block event when cmdbuff is NULL.
Problem:
- Not obvious which _meta/ are generated and which should be edited
manually.
- The require guard (`error('Cannot require a meta file')`) is not
consistently present in all meta files.
Solution:
- Update headers.
- Add require() guard to all meta files.
- Rename generated meta files with `.gen.lua`.
Problem:
- Lots of redundant text in options docs for "not allowed in
a modeline", even though we already have a flag that indicates that.
- `deny_in_modelines` is an old vestigial flag only used by 'encoding'
(which never changes).
Solution:
- Generate docs based on the `secure` flag.
- Remove the `deny_in_modelines` flag (`kOptFlagNoML`).
Problem: compl_preselect_match is set even when completeopt doesn't
include preselect.
Solution: Check kOptCotFlagPreselect in ins_compl_add before setting
compl_preselect_match.
Problem: nfa_regmatch() allocates and frees two list buffers on every
call, causing unnecessary memory allocation overhead for
frequently used patterns.
Solution: Cache the list buffers in the regprog struct and reuse them
on subsequent top-level calls. Recursive calls still allocate
their own buffers. Free cached buffers in nfa_regfree()
(Yasuhiro Matsumoto).
Benchmark: 10K lines, `:%s` x50 iterations
| Pattern | Before | After | Improvement |
|---|---|---|---|
| `\<\(\w\+\%(ing\|tion\|ed\|ly\)\|\w\{3,}\)\>` (many matches) | 4.384s | 4.299s | -2% |
| `\(foo\|bar\|baz\)\{3,}\(qux\|quux\|corge\)\{2,}...` (no match, high nstate) | 16.927s | 3.015s | -82% |
closes: vim/vim#19956105d65e29b
Co-authored-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Problem: win_linetabsize() includes wrap overhead from 'linebreak'
based on current window width, but the result sizes the window,
causing a feedback loop.
Solution: Temporarily set w_view_width to Columns before measuring.
Problem:
Due to optimizations c936ae0f36, nvim prints literal spaces instead of using
`erase_chars` in widths <= 5 even if the terminal advertises `erase_chars`
support (perhaps a small-output size heuristic). However, this is not
semantically neutral: in some terminals, erased cells and printed spaces are
copied differently.
I ended up with two useful groups of results.
First, I tested raw terminal behavior without nvim involved:
| Terminal | Raw plain text | Raw `erase_chars` | Raw literal spaces |
| --- | --- | --- | --- |
| xterm | clean | trailing spaces copied | trailing spaces copied |
| xfce4-terminal | clean | clean | trailing spaces copied |
Second, I tested nvim itself:
| Terminal | no patch | with this patch |
| --- | --- | --- |
| xfce4-terminal | trailing spaces reproduced | clean |
| xterm | trailing spaces reproduced | trailing spaces reproduced |
| Alacritty | clean | clean |
| Ghostty | clean | clean |
| WezTerm | clean | clean |
Nvim often prints spaces instead of sending `erase_chars`, which this patch
changes for short clears when the terminal advertises it. This fixes
xfce4-terminal because raw `erase_chars` are already cleaned up by the terminal,
while spaces aren't. ***Notably, xterm is different***: even when `erase_chars`
is sent directly (NO NVIM INVOLVED) xterm *still* copies those cleared blank
trailing cells (and this is documented). So for xterm, which is the only
remaining problematic fix, I'm quite sure there's nothing we ought to do on the
Nvim side.
Solution:
Drop the `width >= 5` condition.
Problem:
If `'keywordprg'` begins with `:`, `3K` turns the count into an Ex
range. Commands that don't support that then fail. Vim passes the count
as the first arg (see #19436, vim/vim#10745).
Solution:
Pass `[count]` as the first arg for `'keywordprg'`.
Problem: hlgroup2dict passes &ns_id to ns_get_hl twice. The first call
(link=true) sets *ns_hl = 0 when link_global is set, so the second call
and the sg_cleared guard both see ns_id == 0 and bail out. The group is
silently dropped from the result.
Solution: use a temporary copy of ns_id for each ns_get_hl call so the
original value is preserved.
Problem:
Neovim currently fails to build on GNU Hurd. Because Hurd relies on
glibc, `<sys/param.h>` defines the `BSD` macro for 4.4BSD compatibility.
The preprocessor incorrectly routes Hurd into the BSD code paths, which
fatally fail during compilation because Hurd lacks `<sys/sysctl.h>` and
the `sysctl()` function.
Solution:
Update the preprocessor guards in `os/proc.c` to explicitly exclude
`__gnu_hurd__` from the BSD-specific `sysctl` blocks. Instead, group GNU
Hurd with the `__linux__` paths, as both systems rely on standard POSIX
interfaces and `/proc` parsing (which Hurd fully supports via its
`procfs` translator).
Testing:
The test suite does not fully pass yet natively on GNU Hurd
(specifically tests involving PTY closures and SIGHUP/SIGTERM trapping,
like `autocmd TermClose kills PTY job`). This is due to underlying
differences in Hurd's Mach RPC architecture and the `term` translator.
This patch does not attempt to fix those test executions, but simply
unblocks the core compiler as a necessary first step.
Problem:
The ui compositor does not use grid_scroll events when a grid other than
the built in msg_grid exists above the scrolled grid, regardless of
whether it actually intersects the scrolled grid anywhere in the
scrolled region.
When another layer exists at a higher zindex, the ui compositor falls
back to composing every line of the scrolled grid. This is especially
evident when using ui2 which creates a floating window that replaces the
built-in msg_grid. Scrolling around with ui2 enabled has poor
performance because the entire grid is recomposed on every scroll
instead of using grid_scroll.
Solution:
Instead of just checking whether another grid exists at a higher zindex
than curgrid, ensure there's a grid above the curgrid that is positioned
over the particular rectangle of interest, which could be a subrectangle
of the whole grid.
Grids above the curgrid that don't intersect there no longer count as
covering the curgrid, and the compositor can continue to use grid_scroll
scroll events. The floating window created for the command line/messages
with ui2 never intersects with the scrolled region of the main window
grid, which allows performant scrolling with it enabled.
Problem: Breaking a link with update=true loses colors inherited from
the linked group.
Solution: Copy color indices from the linked group so inherited colors
remain visible in :hi output.
vim-patch:9.2.0313: Callback channel not registered in GUI
vim-patch:9.2.0319: popup: rendering issues with partially transparent popups
vim-patch:9.2.0322: tests: test_popupwin fails
vim-patch:3e194b106 runtime(vimball): detect more path traversal attacks
vim-patch:9.2.0335: json_encode() uses recursive algorithm
vim-patch:9.2.0309: Missing out-of-memory check to may_get_cmd_block()
vim-patch:9.2.0310: unnecessary work in vim_strchr() and find_term_bykeys()
vim-patch:8.2.2824: MS-Windows: build failure with MSVC
vim-patch:9.1.1692: global_functions are not constant
Problem: spell_read_aff() uses sprintf() into a fixed-size stack buffer
without bounds checking. store_aff_word() uses STRCAT() to
append attacker-controlled strings into newword[MAXWLEN] without
checking remaining space. Both are reachable via :mkspell with
crafted .aff/.dic files (xinyi234)
Solution: Replace sprintf() with vim_snprintf() in spell_read_aff().
Replace STRCAT() with STRNCAT() with explicit remaining-space
calculation in store_aff_word().
closes: vim/vim#1994407faa961a0
Co-authored-by: Christian Brabandt <cb@256bit.org>
