Commit d7e8a22d authored by Rocky Automation's avatar Rocky Automation 📺
Browse files

import vim-8.2.2637-13.el9

parent 8ca8f07f
diff --git a/src/ops.c b/src/ops.c
index d8e96ff..88992b6 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -534,22 +534,27 @@ block_insert(
if (b_insert)
{
off = (*mb_head_off)(oldp, oldp + offset + spaces);
+ spaces -= off;
+ count -= off;
}
else
{
- off = (*mb_off_next)(oldp, oldp + offset);
- offset += off;
+ // spaces fill the gap, the character that's at the edge moves
+ // right
+ off = (*mb_head_off)(oldp, oldp + offset);
+ offset -= off;
}
- spaces -= off;
- count -= off;
}
- newp = alloc(STRLEN(oldp) + s_len + count + 1);
+ // Make sure the allocated size matches what is actually copied below.
+ newp = alloc(STRLEN(oldp) + spaces + s_len
+ + (spaces > 0 && !bdp->is_short ? ts_val - spaces : 0)
+ + count + 1);
if (newp == NULL)
continue;
// copy up to shifted part
- mch_memmove(newp, oldp, (size_t)(offset));
+ mch_memmove(newp, oldp, (size_t)offset);
oldp += offset;
// insert pre-padding
@@ -560,14 +565,21 @@ block_insert(
mch_memmove(newp + startcol, s, (size_t)s_len);
offset += s_len;
- if (spaces && !bdp->is_short)
+ if (spaces > 0 && !bdp->is_short)
{
- // insert post-padding
- vim_memset(newp + offset + spaces, ' ', (size_t)(ts_val - spaces));
- // We're splitting a TAB, don't copy it.
- oldp++;
- // We allowed for that TAB, remember this now
- count++;
+ if (*oldp == TAB)
+ {
+ // insert post-padding
+ vim_memset(newp + offset + spaces, ' ',
+ (size_t)(ts_val - spaces));
+ // we're splitting a TAB, don't copy it
+ oldp++;
+ // We allowed for that TAB, remember this now
+ count++;
+ }
+ else
+ // Not a TAB, no extra spaces
+ count = spaces;
}
if (spaces > 0)
@@ -1574,7 +1586,7 @@ op_insert(oparg_T *oap, long count1)
oap->start_vcol = t;
}
else if (oap->op_type == OP_APPEND
- && oap->end.col + oap->end.coladd
+ && oap->start.col + oap->start.coladd
>= curbuf->b_op_start_orig.col
+ curbuf->b_op_start_orig.coladd)
{
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index 7c5f973..dc8e376 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -967,4 +967,13 @@ func Test_visual_put_in_block()
bwipe!
endfunc
+func Test_visual_block_append_invalid_char()
+ " this was going over the end of the line
+ new
+ call setline(1, [' let xxx', 'xxxxxˆ', 'xxxxxxxxxxx'])
+ exe "normal 0\<C-V>jjA-\<Esc>"
+ call assert_equal([' - let xxx', 'xxxxx -ˆ', 'xxxxxxxx-xxx'], getline(1, 3))
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/ops.c b/src/ops.c
index 88992b6..80e0ea1 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -527,24 +527,8 @@ block_insert(
}
if (has_mbyte && spaces > 0)
- {
- int off;
-
- // Avoid starting halfway a multi-byte character.
- if (b_insert)
- {
- off = (*mb_head_off)(oldp, oldp + offset + spaces);
- spaces -= off;
- count -= off;
- }
- else
- {
- // spaces fill the gap, the character that's at the edge moves
- // right
- off = (*mb_head_off)(oldp, oldp + offset);
- offset -= off;
- }
- }
+ // avoid copying part of a multi-byte character
+ offset -= (*mb_head_off)(oldp, oldp + offset);
// Make sure the allocated size matches what is actually copied below.
newp = alloc(STRLEN(oldp) + spaces + s_len
diff --git a/src/testdir/test_utf8.vim b/src/testdir/test_utf8.vim
index 5454e43..bedec20 100644
--- a/src/testdir/test_utf8.vim
+++ b/src/testdir/test_utf8.vim
@@ -7,7 +7,7 @@ func Test_visual_block_insert()
new
call setline(1, ["aaa", "あああ", "bbb"])
exe ":norm! gg0l\<C-V>jjIx\<Esc>"
- call assert_equal(['axaa', 'xあああ', 'bxbb'], getline(1, '$'))
+ call assert_equal(['axaa', ' xあああ', 'bxbb'], getline(1, '$'))
bwipeout!
endfunc
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index dc8e376..8de9e3d 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -976,4 +976,13 @@ func Test_visual_block_append_invalid_char()
bwipe!
endfunc
+func Test_visual_block_insert_round_off()
+ new
+ " The number of characters are tuned to fill a 4096 byte allocated block,
+ " so that valgrind reports going over the end.
+ call setline(1, ['xxxxx', repeat('0', 1350), "\t", repeat('x', 60)])
+ exe "normal gg0\<C-V>GI" .. repeat('0', 1320) .. "\<Esc>"
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff -up vim82/src/testdir/test_visual.vim.cve0319 vim82/src/testdir/test_visual.vim
--- vim82/src/testdir/test_visual.vim.cve0319 2022-02-08 13:24:54.170813231 +0100
+++ vim82/src/testdir/test_visual.vim 2022-02-08 13:26:21.313747976 +0100
@@ -985,4 +985,15 @@ func Test_visual_block_insert_round_off(
bwipe!
endfunc
+" this was causing an ml_get error
+func Test_visual_exchange_windows()
+ enew!
+ new
+ call setline(1, ['foo', 'bar'])
+ exe "normal G\<C-V>gg\<C-W>\<C-X>OO\<Esc>"
+ bwipe!
+ bwipe!
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab
diff -up vim82/src/window.c.cve0319 vim82/src/window.c
--- vim82/src/window.c.cve0319 2022-02-08 13:24:54.137813879 +0100
+++ vim82/src/window.c 2022-02-08 13:24:54.171813211 +0100
@@ -1697,6 +1697,11 @@ win_exchange(long Prenum)
(void)win_comp_pos(); // recompute window positions
+ if (wp->w_buffer != curbuf)
+ reset_VIsual_and_resel();
+ else if (VIsual_active)
+ wp->w_cursor = curwin->w_cursor;
+
win_enter(wp, TRUE);
redraw_all_later(NOT_VALID);
}
@@ -5261,7 +5266,7 @@ frame_remove(frame_T *frp)
win_alloc_lines(win_T *wp)
{
wp->w_lines_valid = 0;
- wp->w_lines = ALLOC_CLEAR_MULT(wline_T, Rows );
+ wp->w_lines = ALLOC_CLEAR_MULT(wline_T, Rows);
if (wp->w_lines == NULL)
return FAIL;
return OK;
From 85b6747abc15a7a81086db31289cf1b8b17e6cb1 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 25 Jan 2022 11:55:02 +0000
Subject: [PATCH] patch 8.2.4214: illegal memory access with large 'tabstop' in
Ex mode
Problem: Illegal memory access with large 'tabstop' in Ex mode.
Solution: Allocate enough memory.
---
src/ex_getln.c | 2 +-
src/testdir/test_ex_mode.vim | 10 ++++++++++
src/version.c | 2 ++
3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/ex_getln.c b/src/ex_getln.c
index 5dc43d845..097b97eeb 100644
--- a/src/ex_getln.c
+++ b/src/ex_getln.c
@@ -1513,7 +1513,7 @@ init_ccline(int firstc, int indent)
ccline.cmdindent = (firstc > 0 ? indent : 0);
// alloc initial ccline.cmdbuff
- alloc_cmdbuff(exmode_active ? 250 : indent + 1);
+ alloc_cmdbuff(indent + 50);
if (ccline.cmdbuff == NULL)
return FAIL;
ccline.cmdlen = ccline.cmdpos = 0;
diff --git a/src/testdir/test_ex_mode.vim b/src/testdir/test_ex_mode.vim
index 7031115fc..2642a16d2 100644
--- a/src/testdir/test_ex_mode.vim
+++ b/src/testdir/test_ex_mode.vim
@@ -241,4 +241,14 @@ func Test_ex_mode_count_overflow()
call delete('Xexmodescript')
endfunc
+func Test_ex_mode_large_indent()
+ new
+ set ts=500 ai
+ call setline(1, "\t")
+ exe "normal gQi\<CR>."
+ set ts=8 noai
+ bwipe!
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab
--
2.34.1
From dc5490e2cbc8c16022a23b449b48c1bd0083f366 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 25 Jan 2022 13:52:53 +0000
Subject: [PATCH] patch 8.2.4215: illegal memory access when copying lines in
Visual mode
Problem: Illegal memory access when copying lines in Visual mode.
Solution: Adjust the Visual position after copying lines.
---
src/ex_cmds.c | 2 ++
src/testdir/test_visual.vim | 11 +++++++++++
src/version.c | 2 ++
3 files changed, 15 insertions(+)
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
index 95209985e..f5d93e664 100644
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -866,6 +866,8 @@ ex_copy(linenr_T line1, linenr_T line2, linenr_T n)
}
appended_lines_mark(n, count);
+ if (VIsual_active)
+ check_pos(curbuf, &VIsual);
msgmore((long)count);
}
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index 72f5388b9..9b322fd21 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -1328,5 +1328,16 @@ func Test_visual_exchange_windows()
bwipe!
endfunc
+" this was leaving the end of the Visual area beyond the end of a line
+func Test_visual_ex_copy_line()
+ new
+ call setline(1, ["aaa", "bbbbbbbbbxbb"])
+ /x
+ exe "normal ggvjfxO"
+ t0
+ normal gNU
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
--
2.34.1
From 8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 25 Jan 2022 18:24:00 +0000
Subject: [PATCH] patch 8.2.4217: illegal memory access when undo makes Visual
area invalid
Problem: Illegal memory access when undo makes Visual area invalid.
Solution: Correct the Visual area after undo.
---
src/testdir/test_visual.vim | 15 +++++++++++++++
src/undo.c | 2 ++
src/version.c | 2 ++
3 files changed, 19 insertions(+)
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index 9b322fd21..b2beda08d 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -1339,5 +1339,20 @@ func Test_visual_ex_copy_line()
bwipe!
endfunc
+" This was leaving the end of the Visual area beyond the end of a line.
+" Set 'undolevels' to start a new undo block.
+func Test_visual_undo_deletes_last_line()
+ new
+ call setline(1, ["aaa", "ccc", "dyd"])
+ set undolevels=100
+ exe "normal obbbbbbbbbxbb\<Esc>"
+ set undolevels=100
+ /y
+ exe "normal ggvjfxO"
+ undo
+ normal gNU
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/undo.c b/src/undo.c
index 4d186d453..636144aef 100644
--- a/src/undo.c
+++ b/src/undo.c
@@ -3029,6 +3029,8 @@ u_undo_end(
}
}
#endif
+ if (VIsual_active)
+ check_pos(curbuf, &VIsual);
smsg_attr_keep(0, _("%ld %s; %s #%ld %s"),
u_oldcount < 0 ? -u_oldcount : u_oldcount,
--
2.34.1
From 806d037671e133bd28a7864248763f643967973a Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 25 Jan 2022 20:45:16 +0000
Subject: [PATCH] patch 8.2.4218: illegal memory access with bracketed paste in
Ex mode
Problem: Illegal memory access with bracketed paste in Ex mode.
Solution: Reserve space for the trailing NUL.
---
src/edit.c | 3 ++-
src/testdir/test_paste.vim | 3 +++
src/version.c | 2 ++
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/edit.c b/src/edit.c
index ee3caf0da..2b5301100 100644
--- a/src/edit.c
+++ b/src/edit.c
@@ -4452,7 +4452,8 @@ bracketed_paste(paste_mode_T mode, int drop, garray_T *gap)
break;
case PASTE_EX:
- if (gap != NULL && ga_grow(gap, idx) == OK)
+ // add one for the NUL that is going to be appended
+ if (gap != NULL && ga_grow(gap, idx + 1) == OK)
{
mch_memmove((char *)gap->ga_data + gap->ga_len,
buf, (size_t)idx);
diff --git a/src/testdir/test_paste.vim b/src/testdir/test_paste.vim
index c94fe7c35..5b8d8a0e3 100644
--- a/src/testdir/test_paste.vim
+++ b/src/testdir/test_paste.vim
@@ -90,6 +90,9 @@ func Test_paste_ex_mode()
unlet! foo
call feedkeys("Qlet foo=\"\<Esc>[200~foo\<CR>bar\<Esc>[201~\"\<CR>vi\<CR>", 'xt')
call assert_equal("foo\rbar", foo)
+
+ " pasting more than 40 bytes
+ exe "norm Q\<PasteStart>0000000000000000000000000000000000000000000000000000000000000000000000\<C-C>"
endfunc
func Test_paste_onechar()
--
2.34.1
diff -up vim82/src/indent.c.cve0417 vim82/src/indent.c
--- vim82/src/indent.c.cve0417 2022-02-09 10:01:34.250009316 +0100
+++ vim82/src/indent.c 2022-02-09 10:02:54.802588536 +0100
@@ -71,7 +71,7 @@ tabstop_set(char_u *var, int **array)
int n = atoi((char *)cp);
// Catch negative values, overflow and ridiculous big values.
- if (n < 0 || n > 9999)
+ if (n < 0 || n > TABSTOP_MAX)
{
semsg(_(e_invarg2), cp);
vim_free(*array);
@@ -1595,7 +1595,7 @@ ex_retab(exarg_T *eap)
emsg(_(e_positive));
return;
}
- if (new_ts < 0 || new_ts > 9999)
+ if (new_ts < 0 || new_ts > TABSTOP_MAX)
{
semsg(_(e_invarg2), eap->arg);
return;
diff -up vim82/src/option.c.cve0417 vim82/src/option.c
--- vim82/src/option.c.cve0417 2022-02-09 10:01:34.196009598 +0100
+++ vim82/src/option.c 2022-02-09 10:28:10.398548161 +0100
@@ -3640,6 +3640,11 @@ set_num_option(
errmsg = e_positive;
curbuf->b_p_ts = 8;
}
+ else if (curbuf->b_p_ts > TABSTOP_MAX)
+ {
+ errmsg = e_invarg;
+ curbuf->b_p_ts = 8;
+ }
if (p_tm < 0)
{
errmsg = e_positive;
@@ -5830,7 +5835,7 @@ buf_copy_options(buf_T *buf, int flags)
if (p_vsts && p_vsts != empty_option)
(void)tabstop_set(p_vsts, &buf->b_p_vsts_array);
else
- buf->b_p_vsts_array = 0;
+ buf->b_p_vsts_array = NULL;
buf->b_p_vsts_nopaste = p_vsts_nopaste
? vim_strsave(p_vsts_nopaste) : NULL;
#endif
@@ -6649,9 +6654,7 @@ paste_option_changed(void)
if (buf->b_p_vsts)
free_string_option(buf->b_p_vsts);
buf->b_p_vsts = empty_option;
- if (buf->b_p_vsts_array)
- vim_free(buf->b_p_vsts_array);
- buf->b_p_vsts_array = 0;
+ VIM_CLEAR(buf->b_p_vsts_array);
#endif
}
@@ -6697,12 +6700,11 @@ paste_option_changed(void)
free_string_option(buf->b_p_vsts);
buf->b_p_vsts = buf->b_p_vsts_nopaste
? vim_strsave(buf->b_p_vsts_nopaste) : empty_option;
- if (buf->b_p_vsts_array)
- vim_free(buf->b_p_vsts_array);
+ vim_free(buf->b_p_vsts_array);
if (buf->b_p_vsts && buf->b_p_vsts != empty_option)
(void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
else
- buf->b_p_vsts_array = 0;
+ buf->b_p_vsts_array = NULL;
#endif
}
diff -up vim82/src/testdir/test_options.vim.cve0417 vim82/src/testdir/test_options.vim
--- vim82/src/testdir/test_options.vim.cve0417 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/testdir/test_options.vim 2022-02-09 10:01:34.251009311 +0100
@@ -362,6 +362,8 @@ func Test_set_errors()
call assert_fails('set shiftwidth=-1', 'E487:')
call assert_fails('set sidescroll=-1', 'E487:')
call assert_fails('set tabstop=-1', 'E487:')
+ call assert_fails('set tabstop=10000', 'E474:')
+ call assert_fails('set tabstop=5500000000', 'E474:')
call assert_fails('set textwidth=-1', 'E487:')
call assert_fails('set timeoutlen=-1', 'E487:')
call assert_fails('set updatecount=-1', 'E487:')
diff -up vim82/src/vim.h.cve0417 vim82/src/vim.h
--- vim82/src/vim.h.cve0417 2021-03-22 10:02:42.000000000 +0100
+++ vim82/src/vim.h 2022-02-09 10:01:34.252009306 +0100
@@ -2032,6 +2032,8 @@ typedef int sock_T;
#define DICT_MAXNEST 100 // maximum nesting of lists and dicts
+#define TABSTOP_MAX 9999
+
#ifdef FEAT_CLIPBOARD
// VIM_ATOM_NAME is the older Vim-specific selection type for X11. Still
diff --git a/src/spellsuggest.c b/src/spellsuggest.c
index 3de9ff2..5462583 100644
--- a/src/spellsuggest.c
+++ b/src/spellsuggest.c
@@ -1200,7 +1200,7 @@ suggest_try_change(suginfo_T *su)
// Check the maximum score, if we go over it we won't try this change.
#define TRY_DEEPER(su, stack, depth, add) \
- (stack[depth].ts_score + (add) < su->su_maxscore)
+ (depth < MAXWLEN - 1 && stack[depth].ts_score + (add) < su->su_maxscore)
/*
* Try finding suggestions by adding/removing/swapping letters.
@@ -1272,6 +1272,9 @@ suggest_trie_walk(
char_u changename[MAXWLEN][80];
#endif
int breakcheckcount = 1000;
+#ifdef FEAT_RELTIME
+ proftime_T time_limit;
+#endif
int compound_ok;
// Go through the whole case-fold tree, try changes at each node.
@@ -1316,6 +1319,11 @@ suggest_trie_walk(
sp->ts_state = STATE_START;
}
}
+#ifdef FEAT_RELTIME
+ // The loop may take an indefinite amount of time. Break out after five
+ // sectonds. TODO: add an option for the time limit.
+ profile_setlimit(5000, &time_limit);
+#endif
// Loop to find all suggestions. At each round we either:
// - For the current state try one operation, advance "ts_curi",
@@ -1350,7 +1358,8 @@ suggest_trie_walk(
// At end of a prefix or at start of prefixtree: check for
// following word.
- if (byts[arridx] == 0 || n == (int)STATE_NOPREFIX)
+ if (depth < MAXWLEN - 1
+ && (byts[arridx] == 0 || n == (int)STATE_NOPREFIX))
{
// Set su->su_badflags to the caps type at this position.
// Use the caps type until here for the prefix itself.
@@ -2644,6 +2653,10 @@ suggest_trie_walk(
{
ui_breakcheck();
breakcheckcount = 1000;
+#ifdef FEAT_RELTIME
+ if (profile_passed_limit(&time_limit))
+ got_int = TRUE;
+#endif
}
}
}
diff --git a/src/testdir/test_spell.vim b/src/testdir/test_spell.vim
index a3a9621..35035a2 100644
--- a/src/testdir/test_spell.vim
+++ b/src/testdir/test_spell.vim
@@ -768,6 +768,14 @@ func Test_spell_long_word()
set nospell
endfunc
+func Test_spellsuggest_too_deep()
+ " This was incrementing "depth" over MAXWLEN.
+ new
+ norm s000G00000000000000
+ sil norm ..vzG................vvzG0 v z=
+ bwipe!
+endfunc
+
func LoadAffAndDic(aff_contents, dic_contents)
set enc=latin1
set spellfile=
diff -up vim82/src/ex_cmds.c.cve0413 vim82/src/ex_cmds.c
--- vim82/src/ex_cmds.c.cve0413 2022-02-10 08:09:27.644493218 +0100
+++ vim82/src/ex_cmds.c 2022-02-10 08:09:27.653493168 +0100
@@ -3627,6 +3627,7 @@ ex_substitute(exarg_T *eap)
int save_do_all; // remember user specified 'g' flag
int save_do_ask; // remember user specified 'c' flag
char_u *pat = NULL, *sub = NULL; // init for GCC
+ char_u *sub_copy = NULL;
int delimiter;
int sublen;
int got_quit = FALSE;
@@ -3928,11 +3929,20 @@ ex_substitute(exarg_T *eap)
sub_firstline = NULL;
/*
- * ~ in the substitute pattern is replaced with the old pattern.
- * We do it here once to avoid it to be replaced over and over again.
- * But don't do it when it starts with "\=", then it's an expression.
+ * If the substitute pattern starts with "\=" then it's an expression.
+ * Make a copy, a recursive function may free it.
+ * Otherwise, '~' in the substitute pattern is replaced with the old
+ * pattern. We do it here once to avoid it to be replaced over and over
+ * again.
*/
- if (!(sub[0] == '\\' && sub[1] == '='))
+ if (sub[0] == '\\' && sub[1] == '=')