mirror of https://github.com/vim/vim.git synced 2025-07-26 11:04:33 -04:00

19161 Commits

Author SHA1 Message Date
Yegappan Lakshmanan
2a71b54d35
patch 9.0.2162: Vim9: type documentation out-dated
Problem:  Vim9: type documentation out-dated
Solution: Update documentation, fix typo in type alias
          definition

closes: #13684

Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-14 20:03:03 +01:00
Yegappan Lakshmanan
d2e1c83962
patch 9.0.2161: Vim9: not able to use imported interfaces and classes
Problem:  Vim9: not able to use imported interfaces and classes
Solution: Detect imported class/interfaces names correctly

fixes:  #13661
closes: #13685

Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-14 19:59:45 +01:00
Ernie Rael
2025af165e
patch 9.0.2160: instanceof() should use varargs as second arg
Problem:  instanceof() should use varargs as second arg
Solution: Modify `instanceof()` to use varargs instead of list

Modify `instanceof()` to use varargs instead of list
Valid `instanceof()` arguments are `type`s. A `type` is not a value;
it cannot be added to a list.

This change is non-compatible with the current usage of instanceof;
but instanceof is relatively new and it's a trivial change.

fixes: #13421
closes: #13644

Signed-off-by: Ernie Rael <errael@raelity.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-12 16:58:00 +01:00
zeertzjq
ec54af4e26
patch 9.0.2159: screenpos() may crash with neg. column
Problem:  screenpos() may crash with neg. column
Solution: validate and correct column

closes: #13669

Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-12 16:43:44 +01:00
Christian Brabandt
0f28791b21
patch 9.0.2158: [security]: use-after-free in check_argument_type
Problem:  [security]: use-after-free in check_argument_type
Solution: Reset function type pointer when freeing the function type
          list

function pointer fp->uf_func_type may point to the same memory, that was
allocated for fp->uf_type_list. However, when cleaning up a function
definition (e.g. because it was invalid), fp->uf_type_list will be
freed, but fp->uf_func_type may still point to the same (now) invalid
memory address.

So when freeing the fp->uf_type_list, check if fp->func_type points to
any of those types and if it does, reset the fp->uf_func_type pointer to
the t_func_any (default) type pointer

closes: #13652

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-11 17:53:25 +01:00
Christian Brabandt
e4a450a87b
patch 9.0.2157: Vim9: incorrectly parses :def func definitions
Problem:  Vim9: incorrectly parses :def func definitions
Solution: check for more context when parsing function args

Signed-off-by: Christian Brabandt <cb@256bit.org>
Incorrectly parses def function definitions

Vim currently allows to define the following vim9 function:
  def Func(f=
  )
  enddef

It currently thinks a Lambda is following the `=` but it doesn't check,
that there is actually an expression following. So when such a thing is
encountered, remember that an expression should be following.

If no expression is coming in the next few lines, fail parsing the
function arguments, which will make Vim no longer accept such a function.

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-11 17:50:08 +01:00
Ernie Rael
9ed53752df
patch 9.0.2156: Vim9: can use typealias in assignment
Problem:  Vim9: can use typealias in an assignment
Solution: Generate errors when class/typealias involved in the rhs of an
          assignment

closes: #13637

Signed-off-by: Ernie Rael <errael@raelity.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Generate errors when class/typealias involved in assignment.
2023-12-11 17:40:46 +01:00
Yegappan Lakshmanan
d33518522a
patch 9.0.2155: Vim9: type not kept when assigning vars
Problem:  Vim9: type not kept when assigning vars
Solution: When assigning a List or a Dict value to a variable of type
          'any', keep the type

closes: #13639
closes: #13646

Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-08 21:47:22 +01:00
zeertzjq
f48558e10a
patch 9.0.2154: The option[] array is not sorted
Problem:  The options[] array is not sorted alphabetically.
Solution: Sort it alphabetically.  Add a test.  Avoid unnecessary loop
          iterations in findoption().

closes: #13648

Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-08 21:36:55 +01:00
Zoltan Arpadffy
1c8e233cb8
patch 9.0.2153: no support to build on OpenVMS
Problem:  no support to build on OpenVMS
Solution: Add OpenVMS X86_64 platform port

closes: #13623

Co-authored-by: errael <errael@raelity.com>
Co-authored-by: K.Takata <kentkt@csc.jp>
Signed-off-by: Zoltan Arpadffy <zoltan.arpadffy@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-05 16:04:23 +01:00
Yegappan Lakshmanan
668971958c
patch 9.0.2152: Using type unknown for List/Dict containers
Problem:  Using type unknown for List/Dict containers
Solution: Use 'any' instead

fixes: #13582
closes: #13625

Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-05 15:51:50 +01:00
zeertzjq
588f20dece
patch 9.0.2151: 'breakindent' is not drawn after diff filler lines
Problem:  'breakindent' is not drawn after diff filler lines.
Solution: Correct check for whether 'breakindent' should be drawn.

closes: #13624

Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-05 15:49:47 +01:00
Mike Williams
620f011694
patch 9.0.2150: Using int for errbuflen in option funcs
Problem:  Using int for errbuflen in option funcs
Solution: Use size_t for errbuflen in string option functions

Use size_t for errbuflen in string option functions

This started as size_t to int warning on Windows in
do_set_option_string().  Other option setting functions are using size_t
for errbuflen so I changed the type in the argument list and then chased
further compiler warnings into the string option functions in
optionstr.c changing ints to size_t as I went.

I also changed the type of os_errbuflen in optset_T to size_t and
updated related argument lists in optionstr.c, as well as updating
set_string_option() to also use size_t for errbuflen for consistency
with other string option setting functions.

closes: #13628

Signed-off-by: Mike Williams <mikew@globalgraphics.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-05 15:38:33 +01:00
Christian Brabandt
5dd41d4b63
patch 9.0.2149: [security]: use-after-free in exec_instructions()
Problem:  [security]: use-after-free in exec_instructions()
Solution: get tv pointer again

[security]: use-after-free in exec_instructions()

exec_instructions may access freed memory, if the GA_GROWS_FAILS()
re-allocates memory. When this happens, the typval tv may still point to
now already freed memory. So let's get that pointer again and compare it
with tv. If those two pointers differ, tv is now invalid and we have to
refresh the tv pointer.

closes: #13621

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-04 22:54:43 +01:00
Ronan Pigott
1e5d66408e
patch 9.0.2148: Vim does not detect pacman.log file
Problem:  Vim does not detect pacman.log file
Solution: Detect pacmanlogs and add syntax highlighting

pacman.log is a filetype common to Arch Linux and related distributions.
Add some simple syntax highlighting for the pacmanlog filetype.

closes: #13618

Signed-off-by: Ronan Pigott <ronan@rjp.ie>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-04 20:46:15 +01:00
Yegappan Lakshmanan
3ee25965e4
patch 9.0.2147: Type check tests fail without the channel feature
Problem:  Type check tests fail without the channel feature
Solution: only run tests, when Vim was built with +channel

fixes: #13617
closes: #13619

Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-04 20:31:14 +01:00
Christian Brabandt
0d0b3b1951
patch 9.0.2146: text-property without type errors when joining
Problem:  text-property without type errors when joining
Solution: count all text-properties, with or without type
          before joining lines

Error when joining lines with text properties without a proper type

When joining lines, we need to consider all text properties that are
attached to a line, even when those text properties are invalid and do
not have a type attached to them.

However, since patch v9.0.0993
(commit: 89469d157aea01513bde826b4519dd6b5fbceae4)
those text properties won't be counted when joining lines and therefore
this will cause the adjustment for text properties on joining to go
wrong (and may later cause SIGABRT with an invalid free pointer)

I am not sure, why the condition to not count text properties with a
valid type was added in patch v9.0.993, because no test fails if that
condition is removed. So let's just remove this condition and add a test
that verifies, that we are able to join lines, even when the text
properties attached to it do not have a valid type.

fixes: #13609
closes: #13614

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-03 17:56:43 +01:00
zeertzjq
5b4d1fcbf0
patch 9.0.2145: wrong scrolling in insert mode with smoothscroll
Problem:  Wrong scrolling in Insert mode with 'smoothscroll' at the
          bottom of the window.
Solution: Don't use set_topline() when 'smoothscroll' is set.

fixes: #13612
closes: #13613

Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-03 17:54:10 +01:00
zeertzjq
4e26a9aab6
patch 9.0.2144: Text properties causes wrong line wrapping
Problem:  Text properties causes wrong line wrapping to be drawn.
Solution: Find the index of the last text property that inserts text.

closes: #13611

Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-03 17:50:47 +01:00
Christian Brabandt
c089c3816b
CI: disable the test_terminal_resize2() test for GH CI in gui mode (#13615)
because it tends to time-out CI for unknown reasons.

related: #13566

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-03 17:48:29 +01:00
Christian Brabandt
abfa13ebe9
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Problem:  [security]: buffer-overflow in ex_substitute
Solution: clear memory after allocating

When allocating the new_start pointer in ex_substitute() the memory
pointer points to some garbage that the following for loop in
ex_cmds.c:4743 confuses and causes it to access the new_start pointer
beyond its size, leading to a buffer-overflow.

So fix this by using alloc_clear() instead of alloc(), which will
clear the memory by NUL and therefore cause the loop to terminate
correctly.

Reported by @henices, thanks!

closes: #13596
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-01 18:58:51 +01:00
Christian Brabandt
b39b240c38
patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions
Problem:  [security]: stack-buffer-overflow in option callback functions
Solution: pass size of errbuf down the call stack, use snprintf()
          instead of sprintf()

We pass the error buffer down to the option callback functions, but in
some parts of the code, we simply use sprintf(buf) to write into the error
buffer, which can overflow.

So let's pass down the length of the error buffer and use sprintf(buf, size)
instead.

Reported by @henices, thanks!

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-01 18:58:51 +01:00
Christian Brabandt
0fb375aae6
patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Problem:  [security]: buffer-overflow in suggest_trie_walk
Solution: Check n before using it as index into byts array

Basically, n as an index into the byts array, can point to beyond the byts
array. So let's double check, that n is within the expected range after
incrementing it from sp->ts_curi and bail out if it would be invalid.

Reported by @henices, thanks!

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-01 18:58:50 +01:00
Christian Brabandt
eec0c2b3a4
patch 9.0.2140: [security]: use-after-free in win-enter
Problem:  [security]: use-after-free in win-enter
Solution: validate window pointer before calling win_enter()

win_goto() may stop visual mode, if it is active. However, this may in
turn trigger the ModeChanged autocommand, which could potentially free
the wp pointer which was valid before now became stale and points to now
freed memory.

So before calling win_enter(), let's verify one more time, that the
wp pointer still points to a valid window structure.

Reported by @henices, thanks!

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-01 18:58:50 +01:00
Christian Brabandt
4f3480c943
patch 9.0.2139: html.angular ft is problematic
Problem:  html.angular ft is problematic
Solution: partly revert v9.0.2137

The html.angular filetype causes issues and does not trigger FileType
autocommands for the html or angular filetypes.

So let's roll back that particular change and detect this only as html
file

related: https://github.com/vim/vim/pull/13594#issuecomment-1834465890

closes: #13604

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-01 18:01:17 +01:00
Christian Brabandt
926c3f45a2
CI: disable the test_terminal_resize() test for GH CI in GUI (#13603)
fixes: #13566

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-12-01 17:59:32 +01:00
Ernie Rael
fda700cb04
patch 9.0.2138: Overflow logic requires long long
Problem:  Overflow logic requires long long
Solution: Define vimlong_T data type to make life easier
          for porters

closes: #13598

Signed-off-by: Ernie Rael <errael@raelity.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-30 18:20:00 +01:00
ObserverOfTime
7bed263c34
patch 9.0.2137: Can't detect angular & mustache filetypes
Problem:  Can't detect angular & mustache filetypes
Solution: Detect *.mustache as Mustache filetype;
          detect *.component.html as html.angular filetype

closes: #13594

Signed-off-by: ObserverOfTime <chronobserver@disroot.org>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-30 17:41:19 +01:00
Shawn Hatori
8ceb99001b
patch 9.0.2136: MSVC errorformat can be improved
Problem:  MSVC errorformat can be improved
Solution: parse error type and column number in MSVC errorformat

closes: #13587

Signed-off-by: Shawn Hatori <shawn.hatori@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-28 20:51:07 +01:00
zeertzjq
fcaeb3d42b
patch 9.0.2135: No test for mode() when executing Ex commands
Problem:  No test for mode() when executing Ex commands
Solution: Add some test cases and simplify several other test cases.
          Also add a few more test cases for ModeChanged.

closes: #13588

Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-28 20:46:29 +01:00
Christian Brabandt
c4ffeddfe5
patch 9.0.2134: ml_get error when scrolling
Problem:  ml_get error when scrolling after delete
Solution: mark topline to be validated in main_loop
          if it is larger than current buffers line
          count

reset_lnums() is called after e.g. TextChanged autocommands and it may
accidentally cause curwin->w_topline to become invalid, e.g. if the
autocommand has deleted some lines.

So verify that curwin->w_topline points to a valid line and if not, mark
the window to have w_topline recalculated in main_loop() in
update_topline() after reset_lnums() returns.

fixes: #13568
fixes: #13578

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-27 23:25:03 +01:00
Sam-programs
d1c3ef1f47
patch 9.0.2133: Cannot detect overstrike mode in Cmdline mode
Problem:  Cannot detect overstrike mode in Cmdline mode
Solution: Make mode() return "cr" for overstrike

closes: #13569

Signed-off-by: Sam-programs <None>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-27 22:22:51 +01:00
Christian Brabandt
5c23343770
patch 9.0.2132: Duplicate Netbeans Error Message
Problem:  Duplicate Netbeans Error Message
Solution: Remove duplicate message

We have 2 error Messages used for the Netbeans interface:

- EXTERN char e_invalid_buffer_identifier_in_close[]
  INIT(= N_("E648: Invalid buffer identifier in close"));
- EXTERN char e_invalid_buffer_identifier_in_close_2[]
  INIT(= N_("E649: Invalid buffer identifier in close"));

Since the error message is exactly the same, get rid of the  second
message.

closes: #13584

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-27 20:04:24 +01:00
Daniel Buch Hansen
b9efc72c24
patch 9.0.2131: not all nushell files detected
Problem:  not all nushell files detected
Solution: use *.nu to detect nushell files

closes: #13586

Signed-off-by: Daniel Buch Hansen <boogiewasthere@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-27 20:00:56 +01:00
Christian Brabandt
c6754de5dd
translation(de): Updated German translations (#13585)
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-27 19:59:15 +01:00
Antonio Giovanni Colombo
4e7727dd88
translation(it): updated Italian translation
Signed-off-by: Antonio Giovanni Colombo <azc100@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-26 10:11:54 +01:00
Ken Takata
075ad70474
patch 9.0.2130: some errors with translation Makefiles
Problem:  some errors with translation Makefiles
Solution: fix issues

Update src/po/ makefiles after 9.0.2127

* Change how to check `%LANGUAGE%`.
  Check it only when needed.
* Add double quotes to where `GETTEXT_PATH` is used.
  Before 9.0.2127, this worked: `nmake -f Make_mvc.mak GETTEXT_PATH="\"C:\Program Files\Git\usr\bin\""` (which was a bit tricky.)
  9.0.2127 broke this and syntax error occurred.
  This doesn't work either in 9.0.2127: `nmake -f Make_mvc.mak GETTEXT_PATH="C:\Program Files\Git\usr\bin"`
  With this Commit, this works: `nmake -f Make_mvc.mak GETTEXT_PATH="C:\Program Files\Git\usr\bin"`
* Better error report for the `check` target.
  Show the line number of the error. (Imported from vim-jp/lang-ja.)

closes: #13567

Signed-off-by: Ken Takata <kentkt@csc.jp>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-25 15:51:00 +01:00
mityu
a555069b7d
patch 9.0.2129: [security]: use-after-free in call_dfunc()
Problem:  [security]: use-after-free in call_dfunc()
Solution: Refresh dfunc pointer

closes: #13571

This Commit fixes a SEGV caused by a use-after-free bug in call_dfunc().
When calling check_ufunc_arg_types() from the call_dfunc() it may cause
def functions to be re-compiled and if there are too many def functions,
the def_functions array will be re-allocated.  Which means, that the
dfunc pointer in call_dfunc() now starts pointing to freed memory.

So we need to reset the dfunc pointer after calling
check_ufunc_arg_types().

Let's also add a test, to ensure we do not regress.

Signed-off-by: mityu <mityu.mail@gmail.com>
Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-25 15:41:20 +01:00
Julien Marrec
2e31065a65
patch 9.0.2128: runtime(swig): add syntax and filetype plugins
Add syntax and filetype plugins for SWIG (Simplified Wrapper Interface
Generator) description files.

The default syntax for .i files highlights comments in a reverse
color scheme which doesn't look well.  This syntax builds
on vim's c++ syntax by adding highlighting for common swig
directives and user defined directives.  For an alternative
syntax, see vimscript #1247 (which I found after writing this).

closes: #13562

Co-authored-by: Matěj Cepl <mcepl@cepl.eu>
Co-authored-by: Julien Marrec <julien.marrec@gmail.com>
Signed-off-by: Julien Marrec <julien.marrec@gmail.com>
Signed-off-by: Doug Kearns <dougkearns@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-25 15:30:46 +01:00
RestorerZ
e214692718
patch 9.0.2127: translation Makefiles can be improved
Problem:  translation Makefiles can be improved
Solution: Modified and extended po-related Makefiles and
          related files

closes: #13518

Signed-off-by: RestorerZ <restorer@mail2k.ru>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-23 20:58:32 +01:00
zeertzjq
00624a2fa0
patch 9.0.2126: unused assignments when checking 'listchars'
Problem:  Unused assignments when checking the value of 'listchars'.
Solution: Loop only once when just checking the value.  Add a test to
          check that this change doesn't cause double-free.

closes: #13559

Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-23 20:47:16 +01:00
zeertzjq
40ed6711bd
patch 9.0.2125: File info disappears when 'cmdheight' has decreased
Problem:  File info disappears immediately when 'cmdheight' has just
          decreased due to switching tabpage and 'shortmess' doesn't
          contain 'o' or 'O'.
Solution: Make sure msg_row isn't smaller than cmdline_row.

fixes: #13560
closes: #13561

Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-23 20:37:01 +01:00
Ernie Rael
2b0882fa65
patch 9.0.2124: INT overflow detection logic can be simplified
Problem:  INT overflow logic can be simplified
Solution: introduce trim_to_int() function

closes: #13556

Signed-off-by: Ernie Rael <errael@raelity.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-23 20:33:05 +01:00
Christian Brabandt
df63da98d8
patch 9.0.2123: Problem with initializing the length of range() lists
Problem:  Problem with initializing the length of range() lists
Solution: Set length explicitly when it shouldn't contain any items

range() may cause a wrong calculation of list length, which may later
then cause a segfault in list_find().  This is usually not a problem,
because range_list_materialize() calculates the length, when it
materializes the list.

In addition, in list_find() when the length of the range was wrongly
initialized, it may seem to be valid, so the check for list index
out-of-bounds will not be true, because it is called before the list is
actually materialized. And so we may eventually try to access a null
pointer, causing a segfault.

So this patch does 3 things:

- In f_range(), when we know that the list should be empty, explicitly
  set the list->lv_len value to zero. This should happen, when
  start is larger than end (in case the stride is positive) or
  end is larger than start when the stride is negative.
  This should fix the underlying issue properly. However,

- as a safety measure, let's check that the requested index is not
  out of range one more time, after the list has been materialized
  and return NULL in case it suddenly is.

- add a few more tests to verify the behaviour.

fixes: #13557
closes: #13563

Co-authored-by: Tim Pope <tpope@github.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-23 20:14:28 +01:00
Christian Brabandt
3770574e4a
patch 9.0.2122: [security]: prevent overflow in indenting
Problem:  [security]: prevent overflow in indenting
Solution: use long long and remove cast to (int)

The shiftwidth option values are defined as being long. However, when
calculating the actual amount of indent, we cast down to (int), which
may cause the shiftwidth value to become negative and later it may even
cause Vim to try to allocate a huge amount of memory.

We already use long and long long variable types to calculate the indent
(and detect possible overflows), so the cast to (int) seems superfluous
and can be safely removed. So let's just remove the (int) cast and
calculate the indent using longs.

Additionally, the 'shiftwidth' option value is also used when determining
the actual 'cino' options. There it can again cause another overflow, so
make sure it is safe in parse_cino() as well.

fixes: #13554
closes: #13555

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-22 22:18:35 +01:00
Christian Brabandt
26c11c5688
patch 9.0.2121: [security]: use-after-free in ex_substitute
Problem:  [security]: use-after-free in ex_substitute
Solution: always allocate memory

closes: #13552

A recursive :substitute command could cause a heap-use-after free in Vim
(CVE-2023-48706).

The whole reproducible test is a bit tricky, I can only reproduce this
reliably when no previous substitution command has been used yet
(which is the reason, the test needs to run as first one in the
test_substitute.vim file) and as a combination of the `:~` command
together with a :s command that contains the special substitution atom `~\=`
which will make use of a sub-replace special atom and calls a vim script
function.

There was a comment in the existing :s code, that already makes the
`sub` variable allocate memory so that a recursive :s call won't be able
to cause any issues here, so this was known as a potential problem
already.  But for the current test-case that one does not work, because
the substitution does not start with `\=` but with `~\=` (and since
there does not yet exist a previous substitution atom, Vim will simply
increment the `sub` pointer (which then was not allocated dynamically)
and later on happily use a sub-replace special expression (which could
then free the `sub` var).

The following commit fixes this, by making the sub var always using
allocated memory, which also means we need to free the pointer whenever
we leave the function. Since sub is now always an allocated variable,
we also do no longer need the sub_copy variable anymore, since this one
was used to indicate when sub pointed to allocated memory (and had
therefore to be freed on exit) and when not.

Github Security Advisory:
https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-22 21:52:45 +01:00
Christian Brabandt
4e5c3cf07b
patch 9.0.2120: un-used assignment in do_source_buffer_init
Problem:  un-used assignment in do_source_buffer_init
Solution: Remove it

Coverity warns about assigning NULL to line in scriptfile.c:1408,
because right after that assignment, in the next iteration of the loop,
line will be overwritten by the next value from vim_strsave().

And in case this was the last iteration, the line variable is no longer
used until the function returns. So we can safely remove that assignment.

closes: #13547

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-21 19:59:54 +01:00
Christian Brabandt
6b36645f07
patch 9.0.2119: remove dead-condition in ex_class
Problem:  remove dead-condition in ex_class()
Solution: remove the extra condition

The variable is_class must be true once we reach the

,----
| else if (has_static)
`----

in line 1750, because we break out earlier if is_class is false in line
1598 of vim9class.c. And once 'has_static = TRUE', we must be in a
class and therefore is_class is true.

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-21 19:57:05 +01:00
Christian Brabandt
a5218a7330
patch 9.0.2118: [security]: avoid double-free in get_style_font_variants
Problem:  [security]: avoid double-free
Solution: Only free plain_font, when it is not the same as bold_font

When plain_font == bold_font and bold_font is not NULL, we may end up
trying to free bold_font again, which already has been freed a few lines
above.

So only free bold_font, when the condition gui.font_can_bold is true,
which means that bold_font is not pointing to plain_font (so it needs to
be freed separately).

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-21 19:54:12 +01:00
Christian Brabandt
567cae2630
patch 9.0.2117: [security] use-after-free in qf_free_items
Problem:  [security] use-after-free in qf_free_items
Solution: only access qfpnext, if it hasn't been freed

Coverity discovered a possible use-after-free in qf_free_items. When
freeing the qfline items, we may access freed memory, when qfp ==
qfpnext.

So only access qfpnext, when it hasn't been freed.

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-21 19:52:12 +01:00