Commit d5f23bc0 authored by Rocky Automation's avatar Rocky Automation 📺
Browse files

import vim-8.2.2637-15.el9

parents
SOURCES/gvim64.png
SOURCES/vim-8.2-2637.tar.bz2
c32bd520a1498b71ee9bbcddc7ad05df1565d085 SOURCES/gvim64.png
8405efdee1d83465651f90edc1173ff69f390aea SOURCES/vim-8.2-2637.tar.bz2
From b5098060f4acae4dac3203130278c948d670a3d5 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 7 Jul 2021 19:26:19 +0200
Subject: [PATCH] patch 8.2.3115: Coverity complains about free_wininfo() use
Problem: Coverity complains about free_wininfo() use.
Solution: Add a condition that "wip2" is not equal to "wip". (Neovim #14996)
---
src/version.c | 2 ++
src/window.c | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/window.c b/src/window.c
index 09067b081..cc9c217b4 100644
--- a/src/window.c
+++ b/src/window.c
@@ -5057,8 +5057,9 @@ win_free(
// If there already is an entry with "wi_win" set to NULL it
// must be removed, it would never be used.
+ // Skip "wip" itself, otherwise Coverity complains.
for (wip2 = buf->b_wininfo; wip2 != NULL; wip2 = wip2->wi_next)
- if (wip2->wi_win == NULL)
+ if (wip2 != wip && wip2->wi_win == NULL)
{
if (wip2->wi_next != NULL)
wip2->wi_next->wi_prev = wip2->wi_prev;
--
2.31.1
diff --git a/src/vim9compile.c b/src/vim9compile.c
index 535de05..ae7b253 100644
--- a/src/vim9compile.c
+++ b/src/vim9compile.c
@@ -1073,21 +1073,26 @@ generate_PUSHF(cctx_T *cctx, float_T fnumber)
/*
* Generate an ISN_PUSHS instruction.
- * Consumes "str".
+ * Consumes "*str". When freed *str is set to NULL, unless "str" is NULL.
*/
static int
-generate_PUSHS(cctx_T *cctx, char_u *str)
+generate_PUSHS(cctx_T *cctx, char_u **str)
{
isn_T *isn;
if (cctx->ctx_skip == SKIP_YES)
{
- vim_free(str);
+ if (str != NULL)
+ VIM_CLEAR(*str);
return OK;
}
if ((isn = generate_instr_type(cctx, ISN_PUSHS, &t_string)) == NULL)
+ {
+ if (str != NULL)
+ VIM_CLEAR(*str);
return FAIL;
- isn->isn_arg.string = str;
+ }
+ isn->isn_arg.string = str == NULL ? NULL : *str;
return OK;
}
@@ -2547,7 +2552,7 @@ generate_tv_PUSH(cctx_T *cctx, typval_T *tv)
tv->vval.v_blob = NULL;
break;
case VAR_STRING:
- generate_PUSHS(cctx, tv->vval.v_string);
+ generate_PUSHS(cctx, &tv->vval.v_string);
tv->vval.v_string = NULL;
break;
default:
@@ -3301,7 +3306,7 @@ compile_dict(char_u **arg, cctx_T *cctx, ppconst_T *ppconst)
key = get_literal_key(arg);
if (key == NULL)
return FAIL;
- if (generate_PUSHS(cctx, key) == FAIL)
+ if (generate_PUSHS(cctx, &key) == FAIL)
return FAIL;
}
@@ -5978,7 +5983,7 @@ compile_assign_unlet(
char_u *key_end = to_name_end(p + 1, TRUE);
char_u *key = vim_strnsave(p + 1, key_end - p - 1);
- r = generate_PUSHS(cctx, key);
+ r = generate_PUSHS(cctx, &key);
}
if (r == FAIL)
return FAIL;
@@ -6149,7 +6154,7 @@ compile_assignment(char_u *arg, exarg_T *eap, cmdidx_T cmdidx, cctx_T *cctx)
// Push each line and the create the list.
FOR_ALL_LIST_ITEMS(l, li)
{
- generate_PUSHS(cctx, li->li_tv.vval.v_string);
+ generate_PUSHS(cctx, &li->li_tv.vval.v_string);
li->li_tv.vval.v_string = NULL;
}
generate_NEWLIST(cctx, l->lv_len);
@@ -7709,7 +7714,7 @@ compile_catch(char_u *arg, cctx_T *cctx UNUSED)
p += len + 2 + dropped;
if (pat == NULL)
return FAIL;
- if (generate_PUSHS(cctx, pat) == FAIL)
+ if (generate_PUSHS(cctx, &pat) == FAIL)
return FAIL;
if (generate_COMPARE(cctx, EXPR_MATCH, FALSE) == FAIL)
@@ -8080,7 +8085,9 @@ compile_exec(char_u *line, exarg_T *eap, cctx_T *cctx)
{
if (p > start)
{
- generate_PUSHS(cctx, vim_strnsave(start, p - start));
+ char_u *val = vim_strnsave(start, p - start);
+
+ generate_PUSHS(cctx, &val);
++count;
}
p += 2;
@@ -8101,7 +8108,9 @@ compile_exec(char_u *line, exarg_T *eap, cctx_T *cctx)
{
if (*skipwhite(start) != NUL)
{
- generate_PUSHS(cctx, vim_strsave(start));
+ char_u *val = vim_strsave(start);
+
+ generate_PUSHS(cctx, &val);
++count;
}
break;
From 3ae5fc9a6a881e0be381e4cc70080ac5908d7520 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Mon, 6 Sep 2021 18:57:30 +0200
Subject: [PATCH] patch 8.2.3406: on some systems tests fail without _REENTRANT
Problem: On some systems tests fail without _REENTRANT. (Elimar
Riesebieter)
Solution: Add -D_REENTRANT in configure. (closes #7402)
---
src/auto/configure | 4 ++++
src/configure.ac | 6 ++++++
src/version.c | 2 ++
3 files changed, 12 insertions(+)
diff --git a/src/auto/configure b/src/auto/configure
index fba6a19b5..4f4363224 100755
--- a/src/auto/configure
+++ b/src/auto/configure
@@ -14960,6 +14960,10 @@ $as_echo "no" >&6; }
fi
fi
+if `echo "$CFLAGS" | grep -v D_XEENTRANT >/dev/null`; then
+ CFLAGS="$CFLAGS -D_REENTRANT"
+fi
+
DEPEND_CFLAGS_FILTER=
if test "$GCC" = yes; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GCC 3 or later" >&5
diff --git a/src/configure.ac b/src/configure.ac
index 5ec955757..4cd6dea1f 100644
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -4504,6 +4504,12 @@ if test "$MACOS_X" = "yes"; then
fi
fi
+dnl On some systems REENTRANT needs to be defined. It should not hurt to use
+dnl it everywhere.
+if `echo "$CFLAGS" | grep -v D_REENTRANT >/dev/null`; then
+ CFLAGS="$CFLAGS -D_REENTRANT"
+fi
+
dnl gcc 3.1 changed the meaning of -MM. The only solution appears to be to
dnl use "-isystem" instead of "-I" for all non-Vim include dirs.
dnl But only when making dependencies, cproto and lint don't take "-isystem".
--
2.31.1
From 65b605665997fad54ef39a93199e305af2fe4d7f Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 7 Sep 2021 19:26:53 +0200
Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8
character
Problem: Reading beyond end of line with invalid utf-8 character.
Solution: Check for NUL when advancing.
---
src/regexp_nfa.c | 3 ++-
src/testdir/test_regexp_utf8.vim | 8 ++++++++
src/version.c | 2 ++
3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
index 9757d7c47..c7db98187 100644
--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c
@@ -5664,7 +5664,8 @@ find_match_text(colnr_T startcol, int regstart, char_u *match_text)
match = FALSE;
break;
}
- len2 += MB_CHAR2LEN(c2);
+ len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2)
+ : MB_CHAR2LEN(c2);
}
if (match
// check that no composing char follows
diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim
index 9f0ffb9aa..044aeffb6 100644
--- a/src/testdir/test_regexp_utf8.vim
+++ b/src/testdir/test_regexp_utf8.vim
@@ -558,4 +558,12 @@ func Test_match_char_class_upper()
bwipe!
endfunc
+func Test_match_invalid_byte()
+ call writefile(0z630a.765d30aa0a.2e0a.790a.4030, 'Xinvalid')
+ new
+ source Xinvalid
+ bwipe!
+ call delete('Xinvalid')
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
--
2.31.1
diff -up vim82/src/normal.c.cve-3796 vim82/src/normal.c
--- vim82/src/normal.c.cve-3796 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/normal.c 2021-10-15 10:45:21.397258123 +0200
@@ -5076,19 +5076,23 @@ nv_replace(cmdarg_T *cap)
{
/*
* Get ptr again, because u_save and/or showmatch() will have
- * released the line. At the same time we let know that the
- * line will be changed.
+ * released the line. This may also happen in ins_copychar().
+ * At the same time we let know that the line will be changed.
*/
- ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y)
{
int c = ins_copychar(curwin->w_cursor.lnum
+ (cap->nchar == Ctrl_Y ? -1 : 1));
+
+ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
if (c != NUL)
ptr[curwin->w_cursor.col] = c;
}
else
+ {
+ ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
ptr[curwin->w_cursor.col] = cap->nchar;
+ }
if (p_sm && msg_silent == 0)
showmatch(cap->nchar);
++curwin->w_cursor.col;
diff -up vim82/src/testdir/test_edit.vim.cve-3796 vim82/src/testdir/test_edit.vim
--- vim82/src/testdir/test_edit.vim.cve-3796 2021-10-15 10:45:21.398258115 +0200
+++ vim82/src/testdir/test_edit.vim 2021-10-15 10:46:22.892764135 +0200
@@ -1844,4 +1844,16 @@ func Test_read_invalid()
set encoding=utf-8
endfunc
+" Test for getting the character of the line below after "p"
+func Test_edit_put_CTRL_E()
+ set encoding=latin1
+ new
+ let @" = ''
+ sil! norm orggRx
+ sil! norm pr
+ call assert_equal(['r', 'r'], getline(1, 2))
+ bwipe!
+ set encoding=utf-8
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
From 826bfe4bbd7594188e3d74d2539d9707b1c6a14b Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Fri, 8 Oct 2021 18:39:28 +0100
Subject: [PATCH] patch 8.2.3487: illegal memory access if buffer name is very
long
Problem: Illegal memory access if buffer name is very long.
Solution: Make sure not to go over the end of the buffer.
---
src/drawscreen.c | 10 +++++-----
src/testdir/test_statusline.vim | 10 ++++++++++
src/version.c | 2 ++
3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/drawscreen.c b/src/drawscreen.c
index 82e53753b..e38ca9586 100644
--- a/src/drawscreen.c
+++ b/src/drawscreen.c
@@ -464,13 +464,13 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED)
*(p + len++) = ' ';
if (bt_help(wp->w_buffer))
{
- STRCPY(p + len, _("[Help]"));
+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]"));
len += (int)STRLEN(p + len);
}
#ifdef FEAT_QUICKFIX
if (wp->w_p_pvw)
{
- STRCPY(p + len, _("[Preview]"));
+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]"));
len += (int)STRLEN(p + len);
}
#endif
@@ -480,12 +480,12 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED)
#endif
)
{
- STRCPY(p + len, "[+]");
- len += 3;
+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]");
+ len += (int)STRLEN(p + len);
}
if (wp->w_buffer->b_p_ro)
{
- STRCPY(p + len, _("[RO]"));
+ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]"));
len += (int)STRLEN(p + len);
}
diff --git a/src/testdir/test_statusline.vim b/src/testdir/test_statusline.vim
index f3eea2e71..a952de69b 100644
--- a/src/testdir/test_statusline.vim
+++ b/src/testdir/test_statusline.vim
@@ -522,4 +522,14 @@ func Test_statusline_mbyte_fillchar()
%bw!
endfunc
+" Used to write beyond allocated memory. This assumes MAXPATHL is 4096 bytes.
+func Test_statusline_verylong_filename()
+ let fname = repeat('x', 4090)
+ exe "new " .. fname
+ set buftype=help
+ set previewwindow
+ redraw
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
--
2.31.1
diff --git a/src/cindent.c b/src/cindent.c
index b2fac1a..ce513e3 100644
--- a/src/cindent.c
+++ b/src/cindent.c
@@ -1654,7 +1654,7 @@ find_start_brace(void) // XXX
&& (pos = ind_find_start_CORS(NULL)) == NULL) // XXX
break;
if (pos != NULL)
- curwin->w_cursor.lnum = pos->lnum;
+ curwin->w_cursor = *pos;
}
curwin->w_cursor = cursor_save;
return trypos;
diff --git a/src/testdir/test_cindent.vim b/src/testdir/test_cindent.vim
index 5926408..f668faa 100644
--- a/src/testdir/test_cindent.vim
+++ b/src/testdir/test_cindent.vim
@@ -5307,4 +5307,16 @@ func Test_cindent_pragma()
enew! | close
endfunc
+func Test_find_brace_backwards()
+ " this was looking beyond the end of the line
+ new
+ norm R/*
+ norm o0{
+ norm o//
+ norm V{=
+ call assert_equal(['/*', ' 0{', '//'], getline(1, 3))
+ bwipe!
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/help.c b/src/help.c
index ee6ff18..67e4fb2 100644
--- a/src/help.c
+++ b/src/help.c
@@ -422,8 +422,7 @@ find_help_tags(
|| (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
&& arg[2] != NUL)))
{
- STRCPY(d, "/\\\\");
- STRCPY(d + 3, arg + 1);
+ vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
// Check for "/\\_$", should be "/\\_\$"
if (d[3] == '_' && d[4] == '$')
STRCPY(d + 4, "\\$");
diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim
index ff2bc41..c8ff5b8 100644
--- a/src/testdir/test_help.vim
+++ b/src/testdir/test_help.vim
@@ -123,5 +123,13 @@ func Test_helptag_cmd_readonly()
call delete('Xdir', 'rf')
endfunc
+func Test_help_long_argument()
+ try
+ exe 'help \%' .. repeat('0', 1021)
+ catch
+ call assert_match("E149:", v:exception)
+ endtry
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff -up vim82/src/regexp.c.cve4192 vim82/src/regexp.c
--- vim82/src/regexp.c.cve4192 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/regexp.c 2022-01-13 10:54:17.629176807 +0100
@@ -1316,9 +1316,9 @@ reg_match_visual(void)
if (lnum < top.lnum || lnum > bot.lnum)
return FALSE;
+ col = (colnr_T)(rex.input - rex.line);
if (mode == 'v')
{
- col = (colnr_T)(rex.input - rex.line);
if ((lnum == top.lnum && col < top.col)
|| (lnum == bot.lnum && col >= bot.col + (*p_sel != 'e')))
return FALSE;
@@ -1333,7 +1333,12 @@ reg_match_visual(void)
end = end2;
if (top.col == MAXCOL || bot.col == MAXCOL)
end = MAXCOL;
- cols = win_linetabsize(wp, rex.line, (colnr_T)(rex.input - rex.line));
+
+ // getvvcol() flushes rex.line, need to get it again
+ rex.line = reg_getline(rex.lnum);
+ rex.input = rex.line + col;
+
+ cols = win_linetabsize(wp, rex.line, col);
if (cols < start || cols > end - (*p_sel == 'e'))
return FALSE;
}
diff -up vim82/src/testdir/test_regexp_latin.vim.cve4192 vim82/src/testdir/test_regexp_latin.vim
--- vim82/src/testdir/test_regexp_latin.vim.cve4192 2022-01-13 10:52:05.508789448 +0100
+++ vim82/src/testdir/test_regexp_latin.vim 2022-01-13 10:52:05.510789454 +0100
@@ -946,4 +946,12 @@ func Test_using_invalid_visual_position(
bwipe!
endfunc
+func Test_using_visual_position()
+ " this was using freed memory
+ new
+ exe "norm 0o\<Esc>\<C-V>k\<C-X>o0"
+ /\%V
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff -up vim82/src/charset.c.cve4193 vim82/src/charset.c
--- vim82/src/charset.c.cve4193 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/charset.c 2022-01-13 10:14:55.634913386 +0100
@@ -1232,10 +1232,15 @@ getvcol(
posptr = NULL; // continue until the NUL
else
{
- // Special check for an empty line, which can happen on exit, when
- // ml_get_buf() always returns an empty string.
- if (*ptr == NUL)
- pos->col = 0;
+ colnr_T i;
+
+ // In a few cases the position can be beyond the end of the line.
+ for (i = 0; i < pos->col; ++i)
+ if (ptr[i] == NUL)
+ {
+ pos->col = i;
+ break;
+ }
posptr = ptr + pos->col;
if (has_mbyte)
// always start on the first byte
diff -up vim82/src/testdir/test_regexp_latin.vim.cve4193 vim82/src/testdir/test_regexp_latin.vim
--- vim82/src/testdir/test_regexp_latin.vim.cve4193 2022-01-13 10:14:55.634913386 +0100
+++ vim82/src/testdir/test_regexp_latin.vim 2022-01-13 10:17:01.905292715 +0100
@@ -938,4 +938,12 @@ func Test_regexp_last_subst_string()
close!
endfunc
+func Test_using_invalid_visual_position()
+ " this was going beyond the end of the line
+ new
+ exe "norm 0o000\<Esc>0\<C-V>$s0"
+ /\%V
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/ops.c b/src/ops.c
index d8e96ff..88992b6 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -534,22 +534,27 @@ block_insert(
if (b_insert)
{
off = (*mb_head_off)(oldp, oldp + offset + spaces);
+ spaces -= off;
+ count -= off;
}
else
{
- off = (*mb_off_next)(oldp, oldp + offset);
- offset += off;
+ // spaces fill the gap, the character that's at the edge moves
+ // right
+ off = (*mb_head_off)(oldp, oldp + offset);
+ offset -= off;
}
- spaces -= off;
- count -= off;
}
- newp = alloc(STRLEN(oldp) + s_len + count + 1);
+ // Make sure the allocated size matches what is actually copied below.
+ newp = alloc(STRLEN(oldp) + spaces + s_len
+ + (spaces > 0 && !bdp->is_short ? ts_val - spaces : 0)
+ + count + 1);
if (newp == NULL)
continue;
// copy up to shifted part
- mch_memmove(newp, oldp, (size_t)(offset));
+ mch_memmove(newp, oldp, (size_t)offset);
oldp += offset;
// insert pre-padding
@@ -560,14 +565,21 @@ block_insert(
mch_memmove(newp + startcol, s, (size_t)s_len);
offset += s_len;
- if (spaces && !bdp->is_short)
+ if (spaces > 0 && !bdp->is_short)
{
- // insert post-padding
- vim_memset(newp + offset + spaces, ' ', (size_t)(ts_val - spaces));
- // We're splitting a TAB, don't copy it.
- oldp++;
- // We allowed for that TAB, remember this now
- count++;
+ if (*oldp == TAB)
+ {
+ // insert post-padding
+ vim_memset(newp + offset + spaces, ' ',
+ (size_t)(ts_val - spaces));
+ // we're splitting a TAB, don't copy it
+ oldp++;
+ // We allowed for that TAB, remember this now
+ count++;
+ }
+ else
+ // Not a TAB, no extra spaces
+ count = spaces;
}
if (spaces > 0)
@@ -1574,7 +1586,7 @@ op_insert(oparg_T *oap, long count1)
oap->start_vcol = t;
}
else if (oap->op_type == OP_APPEND
- && oap->end.col + oap->end.coladd
+ && oap->start.col + oap->start.coladd
>= curbuf->b_op_start_orig.col
+ curbuf->b_op_start_orig.coladd)
{
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index 7c5f973..dc8e376 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -967,4 +967,13 @@ func Test_visual_put_in_block()
bwipe!
endfunc
+func Test_visual_block_append_invalid_char()
+ " this was going over the end of the line
+ new
+ call setline(1, [' let xxx', 'xxxxxˆ', 'xxxxxxxxxxx'])
+ exe "normal 0\<C-V>jjA-\<Esc>"
+ call assert_equal([' - let xxx', 'xxxxx -ˆ', 'xxxxxxxx-xxx'], getline(1, 3))
+ bwipe!
+endfunc
+