forked from aniani/vim
Commit Graph

57 Commits

Author SHA1 Message Date
Christian Brabandt
26c11c5688 patch 9.0.2121: [security]: use-after-free in ex_substitute
Problem:  [security]: use-after-free in ex_substitute
Solution: always allocate memory

closes: #13552

A recursive :substitute command could cause a heap-use-after-free in Vim
(CVE-2023-48706).

The whole reproducible test is a bit tricky; I can only reproduce this
reliably when no previous substitution command has been used yet
(which is the reason the test needs to run as the first one in the
test_substitute.vim file) and as a combination of the `:~` command
together with a :s command that contains the special substitution atom `~\=`
which will make use of a sub-replace special atom and calls a vim script
function.

There was a comment in the existing :s code, that already makes the
`sub` variable allocate memory so that a recursive :s call won't be able
to cause any issues here, so this was known as a potential problem
already.  But for the current test-case that one does not work, because
the substitution does not start with `\=` but with `~\=` (and since
there does not yet exist a previous substitution atom, Vim will simply
increment the `sub` pointer (which then was not allocated dynamically)
and later on happily use a sub-replace special expression (which could
then free the `sub` var)).

The following commit fixes this, by making the sub var always use
allocated memory, which also means we need to free the pointer whenever
we leave the function. Since sub is now always an allocated variable,
we also no longer need the sub_copy variable, since this one
was used to indicate when sub pointed to allocated memory (and had
therefore to be freed on exit) and when not.

GitHub Security Advisory:
https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-22 21:52:45 +01:00
Christian Brabandt
ac63787734 patch 9.0.2108: [security]: overflow with count for :s command
Problem:  [security]: overflow with count for :s command
Solution: Abort the :s command if the count is too large

If the count after the :s command is larger than what fits into a
(signed) long variable, abort with e_value_too_large.

Adds a test with INT_MAX as count and verifies it correctly fails.

It seems the return value on Windows using mingw compiler wraps around,
so the initial test using :s/./b/9999999999999999999999999990 doesn't
fail there, since the count is wrapping around several times and finally
is no longer larger than 2147483647. So let's just use 2147483647 in the
test, which hopefully will always cause a failure.

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-11-16 22:04:37 +01:00
Christian Brabandt
ee17b6f70d patch 9.0.1886: Various Typos
Problem:  Various Typos
Solution: Fix Typos

This is a collection of typo related commits.

closes: #12753
closes: #13016

Co-authored-by: Adri Verhoef <a3@a3.xs4all.nl>
Co-authored-by: zeertzjq <zeertzjq@outlook.com>
Co-authored-by: Viktor Szépe <viktor@szepe.net>
Co-authored-by: nuid64 <lvkuzvesov@proton.me>
Co-authored-by: Meng Xiangzhuo <aumo@foxmail.com>
Co-authored-by: Dominique Pellé <dominique.pelle@gmail.com>

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-09-09 11:31:38 +02:00
Christian Brabandt
18d2709aa1 patch 9.0.1877: missing test for patch 9.0.1873
Problem:  missing test for patch 9.0.1873
Solution: add a test trying to exchange windows

Add a test, making sure that switching windows is not allowed when
textlock is active, e.g. when running `:s/<pat>/\=func()/`

Signed-off-by: Christian Brabandt <cb@256bit.org>
2023-09-06 20:02:27 +02:00
Bram Moolenaar
a4467c433a patch 9.0.1535: test commented out in a wrong way
Problem:    Test commented out in a wrong way.
Solution:   Use legacy script comment character.
2023-05-09 22:07:11 +01:00
Bram Moolenaar
916d6dd5b1 patch 9.0.1534: test for expanding "~" in substitute takes too long
Problem:    Test for expanding "~" in substitute takes too long.
Solution:   Disable the test for now.
2023-05-09 21:45:47 +01:00
Bram Moolenaar
ab9a2d884b patch 9.0.1532: crash when expanding "~" in substitute causes very long text
Problem:    Crash when expanding "~" in substitute causes very long text.
Solution:   Limit the text length to MAXCOL.
2023-05-09 21:15:30 +01:00
Bram Moolenaar
94722c5107 patch 9.0.1257: code style is not checked in test scripts
Problem:    Code style is not checked in test scripts.
Solution:   Add basic code style check for test files.
2023-01-28 19:19:03 +00:00
Bram Moolenaar
3ac1d97a1d patch 9.0.1145: invalid memory access with recursive substitute expression
Problem:    Invalid memory access with recursive substitute expression.
Solution:   Check the return value of vim_regsub().
2023-01-04 17:17:54 +00:00
Bram Moolenaar
cc762a48d4 patch 9.0.0947: invalid memory access in substitute with function
Problem:    Invalid memory access in substitute with function that goes to
            another file.
Solution:   Check for text locked in CTRL-W gf.
2022-11-25 13:03:31 +00:00
Bram Moolenaar
56564964e6 patch 9.0.0719: too many delete() calls in tests
Problem:    Too many delete() calls in tests.
Solution:   Use deferred delete where possible.
2022-10-10 22:39:42 +01:00
Bram Moolenaar
73e28dcc61 patch 9.0.0491: no good reason to build without the float feature
Problem:    No good reason to build without the float feature.
Solution:   Remove configure check for float and "#ifdef FEAT_FLOAT".
2022-09-17 21:08:33 +01:00
zeertzjq
abd58d8aee patch 9.0.0480: cannot use a :def varargs function with substitute()
Problem:    Cannot use a :def varargs function with substitute().
Solution:   Use has_varargs(). (closes #11146)
2022-09-16 16:06:32 +01:00
zeertzjq
48db5dafec patch 9.0.0476: varargs does not work for replacement function of substitute()
Problem:    Varargs does not work for replacement function of substitute().
Solution:   Check the varargs flag of the function. (closes #11142)
2022-09-16 12:10:03 +01:00
Bram Moolenaar
a04f457a6c patch 9.0.0457: substitute prompt does not highlight an empty match
Problem:    Substitute prompt does not highlight an empty match.
Solution:   Highlight at least one character.
2022-09-13 13:45:26 +01:00
Bram Moolenaar
b18b496997 patch 9.0.0363: common names in test files causes tests to be flaky
Problem:    Common names in test files causes tests to be flaky.
Solution:   Use more specific names.
2022-09-02 21:55:50 +01:00
Bram Moolenaar
44ddf19ec0 patch 8.2.5146: memory leak when substitute expression nests
Problem:    Memory leak when substitute expression nests.
Solution:   Use an array of expression results.
2022-06-21 22:15:25 +01:00
Bram Moolenaar
d6211a52ab patch 8.2.5126: substitute may overrun destination buffer
Problem:    Substitute may overrun destination buffer.
Solution:   Disallow switching buffers in a substitute expression.
2022-06-18 19:48:14 +01:00
zeertzjq
3269efdf01 patch 8.2.5078: substitute test has a one second delay
Problem:    Substitute test has a one second delay.
Solution:   Use ":silent!".  Add another test case. (closes #10558)
2022-06-12 11:13:05 +01:00
Bram Moolenaar
be99042b03 patch 8.2.5044: command line test fails
Problem:    Command line test fails.
Solution:   Also beep when cmdline win can't be opened because of locks.
            Make the test not beep.  Make the test pass on MS-Windows.
2022-05-30 16:01:42 +01:00
Bram Moolenaar
71223e2db8 patch 8.2.5043: can open a cmdline window from a substitute expression
Problem:    Can open a cmdline window from a substitute expression.
Solution:   Disallow opening a command line window when text or buffer is
            locked.
2022-05-30 15:23:09 +01:00
Bram Moolenaar
338f1fc0ee patch 8.2.5023: substitute overwrites allocated buffer
Problem:    Substitute overwrites allocated buffer.
Solution:   Disallow undo when in a substitute command.
2022-05-26 15:56:23 +01:00
Bram Moolenaar
e2bd8600b8 patch 8.2.4977: memory access error when substitute expression changes window
Problem:    Memory access error when substitute expression changes window.
Solution:   Disallow changing window in substitute expression.
2022-05-18 13:11:57 +01:00
Yegappan Lakshmanan
5e877baf87 patch 8.2.4628: not enough testing for 2/3 letter substitute commands
Problem:    Not enough testing for 2/3 letter substitute commands.
Solution:   Add more tests. (Yegappan Lakshmanan, closes #10019)
2022-03-25 21:19:26 +00:00
Bram Moolenaar
9fb7b42935 patch 8.2.4515: old substitute syntax is still supported
Problem:    Old substitute syntax is still supported.
Solution:   Disallow using backslash after ":s" in Vim9 script.
2022-03-05 21:13:26 +00:00
Bram Moolenaar
37f47958b8 patch 8.2.4253: using freed memory when substitute with function call
Problem:    Using freed memory when substitute uses a recursive function call.
Solution:   Make a copy of the substitute text.
2022-01-29 14:21:51 +00:00
Dominique Pelle
bfb2bb16bc patch 8.2.3345: some code not covered by tests
Problem:    Some code not covered by tests.
Solution:   Add a few more tests. (Dominique Pellé, closes #8757)
2021-08-14 21:11:51 +02:00
Bram Moolenaar
7a2217bedd patch 8.2.2948: substitute() accepts a number but not a float expression
Problem:    Substitute() accepts a number but not a float expression.
Solution:   Also accept a float. (closes #8331)
2021-06-06 12:33:49 +02:00
Bram Moolenaar
df36514a64 patch 8.2.2829: some comments are not correct or clear
Problem:    Some comments are not correct or clear.
Solution:   Adjust the comments.  Add test for cursor position.
2021-05-03 20:01:45 +02:00
Bram Moolenaar
531be47ac5 patch 8.2.1736: failure to compile a pattern not tested much
Problem:    Failure to compile a pattern not tested much.
Solution:   Add tests where a pattern fails to compile. (Yegappan Lakshmanan,
            closes #7004)
2020-09-23 22:38:05 +02:00
Bram Moolenaar
8a0dcf4330 patch 8.2.1621: crash when using submatch(0, 1) in substitute()
Problem:    Crash when using submatch(0, 1) in substitute().
Solution:   Increment reference count. (closes #6887)
2020-09-06 15:14:45 +02:00
Bram Moolenaar
e2e4075fad patch 8.2.1593: tests do not check the error number properly
Problem:    Tests do not check the error number properly.
Solution:   Add a colon after the error number. (closes #6869)
2020-09-04 21:18:46 +02:00
Bram Moolenaar
9b7bf9e98f patch 8.2.1183: assert_fails() checks the last error message
Problem:    assert_fails() checks the last error message.
Solution:   Check the first error, it is more relevant.  Fix all the tests
            that rely on the old behavior.
2020-07-11 22:14:59 +02:00
Bram Moolenaar
004a6781b3 patch 8.2.0540: regexp and other code not tested
Problem:    Regexp and other code not tested.
Solution:   Add more tests. (Yegappan Lakshmanan, closes #5904)
2020-04-11 17:09:31 +02:00
Bram Moolenaar
ca68ae1311 patch 8.2.0482: channel and sandbox code not sufficiently tested
Problem:    Channel and sandbox code not sufficiently tested.
Solution:   Add more tests. (Yegappan Lakshmanan, closes #5855)
2020-03-30 19:32:53 +02:00
Bram Moolenaar
0e05de4622 patch 8.2.0448: various functions not properly tested
Problem:    Various functions not properly tested.
Solution:   Add more tests, especially for failures. (Yegappan Lakshmanan,
            closes #5843)
2020-03-25 22:23:46 +01:00
Bram Moolenaar
9f6277bdde patch 8.2.0243: insufficient code coverage for ex_docmd.c functions
Problem:    Insufficient code coverage for ex_docmd.c functions.
Solution:   Add more tests. (Yegappan Lakshmanan, closes #5618)
2020-02-11 22:04:02 +01:00
Bram Moolenaar
07ada5ff2f patch 8.2.0212: missing search/substitute pattern hardly tested
Problem:    Missing search/substitute pattern hardly tested.
Solution:   Add test_clear_search_pat() and tests. (Yegappan Lakshmanan,
            closes #5579)
2020-02-05 20:38:22 +01:00
Bram Moolenaar
ea3db914c0 patch 8.2.0197: some Ex commands not sufficiently tested
Problem:    Some Ex commands not sufficiently tested.
Solution:   Add more tests. (Yegappan Lakshmanan, closes #5565)
2020-02-02 15:32:13 +01:00
Bram Moolenaar
5d98dc2a48 patch 8.2.0174: various commands not completely tested
Problem:    Various commands not completely tested.
Solution:   Add more test cases. (Yegappan Lakshmanan, closes #5551)
2020-01-29 21:57:34 +01:00
Bram Moolenaar
4c054e9fb2 patch 8.1.2282: crash when passing many arguments through a partial
Problem:    Crash when passing many arguments through a partial. (Andy
            Massimino)
Solution:   Check the number of arguments. (closes #5186)
2019-11-10 00:13:50 +01:00
Bram Moolenaar
b0745b221d patch 8.1.2280: crash when passing partial to substitute()
Problem:    Crash when passing partial to substitute().
Solution:   Take extra arguments into account. (closes #5186)
2019-11-09 22:28:11 +01:00
Bram Moolenaar
bb26596242 patch 8.1.2236: ml_get error if pattern matches beyond last line
Problem:    Ml_get error if pattern matches beyond last line.
Solution:   Adjust position if needed. (Christian Brabandt, closes #5139)
2019-10-31 04:38:36 +01:00
Bram Moolenaar
f6ed61e148 patch 8.1.2004: more functions can be used as methods
Problem:    More functions can be used as methods.
Solution:   Make various functions usable as a method.
2019-09-07 19:05:09 +02:00
Bram Moolenaar
f1699968ba patch 8.1.1951: mouse double click test is a bit flaky
Problem:    Mouse double click test is a bit flaky.
Solution:   Add to list of flaky tests.  Update a couple of comments.
2019-08-31 17:48:19 +02:00
Bram Moolenaar
80341bcd89 patch 8.1.1360: buffer left 'nomodifiable' after :substitute
Problem:    Buffer left 'nomodifiable' after :substitute. (Ingo Karkat)
Solution:   Save the value of 'modifiable' earlier. (Christian Brabandt,
            closes #4403)
2019-05-20 20:34:51 +02:00
Bram Moolenaar
6349e9411f patch 8.1.1345: stuck in sandbox with ":s/../\=Function/gn"
Problem:    Stuck in sandbox with ":s/../\=Function/gn".
Solution:   Don't skip over code to restore sandbox. (Christian Brabandt)
2019-05-18 13:41:22 +02:00
Bram Moolenaar
c6b37db1ba patch 8.1.1214: old style tests
Problem:    Old style tests.
Solution:   Move tests from test14 to new style test files. (Yegappan
            Lakshmanan, closes #4308)
2019-04-27 18:00:34 +02:00
Bram Moolenaar
0e97b94875 patch 8.1.1061: when substitute string throws error, substitute happens anyway
Problem:    When substitute string throws error, substitute happens anyway.
Solution:   Skip substitution when aborting. (closes #4161)
2019-03-27 22:53:53 +01:00
Bram Moolenaar
d77aa4d22e patch 8.1.0891: substitute command insufficiently tested
Problem:    Substitute command insufficiently tested.
Solution:   Add more test coverage. (Dominique Pelle)
2019-02-10 22:50:14 +01:00