Tags: neovim/neovim
Tags
vim-patch:partial:9.2.0315: missing bound-checks (#39334)

Problem:  missing bound-checks
Solution: Add defensive guards against potential buffer overflow
          (Yasuhiro Matsumoto)

Add bounds checking and integer overflow guards across multiple files as a defensive measure. While these code paths are unlikely to be exploitable in practice, the guards prevent undefined behavior in edge cases.

- libvterm/vterm.c: use heap tmpbuffer instead of stack buffer in vsprintf() fallback path
- channel.c: validate len in channel_consume() before mch_memmove()
- spell.c: use long instead of int for addlen to avoid signed overflow in size_t subtraction
- alloc.c: add SIZE_MAX overflow check in ga_grow_inner() before itemsize multiplication
- list.c: add overflow check before count * sizeof(listitem_T)
- popupwin.c: add overflow check before width * height allocation
- insexpand.c: add overflow check before compl_num_bests multiplication
- regexp_bt.c: replace sprintf() with vim_snprintf() in regprop()
- spellfile.c: use SIZE_MAX instead of LONG_MAX for allocation overflow check

closes: vim/vim#19904

vim/vim@8d23fcb

Co-authored-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>

NVIM v0.12.2

Following is a list of commits (fixes/features only) in this release.
See `:help news` in Nvim for release notes.

BREAKING
--------------------------------------------------------------------------------
- c76bbd0 diagnostics: restore `is_pull` namespace argument #38698
- 0a3add9 vim.pos: require `buf` param on vim.pos, vim.range #38665

REVERTED CHANGES
--------------------------------------------------------------------------------
- 5920a1d "fix(lsp): only resolve LSP configs once" #38990

BUILD
--------------------------------------------------------------------------------
- 26bcffd gen_char_blob.lua: "bad argument to format" if path contains "%" #39274

FEATURES
--------------------------------------------------------------------------------
- e767b48 editor: ZR performs :restart #38967
- 6b86f55 connect: filepath completion #38959
- ceaa8b6 filetype: `vim.filetype.inspect()` returns copy of registry
- 78234f2 vim.version: add __eq to vim.VersionRange #38881

FIXES
--------------------------------------------------------------------------------
- a7214c0 don't make path empty when truncating trailing slashes (#38844)
- b3b5674 :restart: --listen reusage on windows #39281
- 3e0ece4 :restart: avoid ERR/WRN logging on Windows with --listen (#39287)
- eaa8cff api: expose fg_indexed/bg_indexed in nvim_get_hl (#39240)
- 8669e34 api: nvim_clear_autocmds() "event" type check
- 4053141 api: nvim_get_hl drops groups defined with link_global #38492
- 319c031 channel: fix Ctrl-C handling regression in terminal
- ba3de79 cmd: ++p, ++edit should match "word" boundary #39146
- c6c3484 cmdline: 'inccommand' preview after setcmdline() #38795
- 9e1c542 cmdline: avoid 'incsearch' recursion after redraw #39303
- 4a18c05 cmdline: avoid Ex-mode NULL cmdline_block event #39043
- e4dc08d completion: update CursorColumn during completion (#39159)
- 25170ca diagnostic: virtual_lines should anchor at end_lnum, not lnum #38701
- 6cb5012 difftool: ensure standardized locale for diff output parsing #38853
- 9966afb drawline: hang while redrawing diff filler above fold #39219
- 1ebb9b1 eval: crash on some NULL ptr deref #39182
- 6ae6cf5 float: don't unload 'hidden' float buffer with :close! (#39304)
- d86d975 gf: handle local `file:` URI paths #38915
- 11a4a00 health: recognize Zig build optimization levels #38804
- 36bade7 highlight: preserve inherited colors when update=true breaks links #38750
- 7ffee0d lsp: apply_text_edits causes unwanted BufDelete events #38778
- df72664 lsp: check filetype registry in health (#38885)
- 18b1ff8 lsp: check stale context in hover/signature callback #38724
- fe09c71 lsp: send didOpen on save to all clients+groups #37454
- 34cbfec lsp: show CompletionItem.detail in info popup #38904
- 6250019 lsp: show_document can't position cursor past EOL in insert-mode #38566
- 5907307 lsp: skip codelens refresh redraw for deleted buffer #39193
- 9aadbed lua: make `vim._with()` work with `buf=0` and `win=0` context #39151
- 0039785 lua: make vim.deep_equal cycle-safe
- 53038d2 lua: not obvious which _meta/ files are generated #39035
- f2a5c90 marks: adjust marks when unloading "nofile" buffer #39118
- a358b9b message: flush messages before "empty" msg_show #38854
- 1b36b75 messages: truncate warning messages only in display (#38901)
- f7e3cf1 move: avoid integer overflow with large 'scrolloff' (#39251)
- 452a9b8 normal: pass count to 'keywordprg' as arg1 #38965
- 4d4e196 options: default 'titlestring' shows CWD #39233
- 6583833 pack: GIT_DIR/GIT_WORK_TREE env vars may interfere #39279
- df3d7e3 pack: make 'stash' call compatible with older Git #38679
- 1a5d41a pack: more advice for out-of-sync lockfile #38931
- ca0e381 pum: crash with 'pumborder' and wide item (#38852)
- 38be447 pum: info float width grows on reselect with 'linebreak' #38680
- eee2d10 rpc: trigger UILeave earlier on channel close (#38846)
- 898ccbc smoothscroll: crash when resizing to textoff with showbreak
- 5ac95da statusline: no window-local highlights for last line 'ruler' #38879
- ffb0ebb substitute: don't crash with very large count (#39272)
- abcc534 terminal: do not reflow altscreen on resize #39024
- d3ef776 terminal: forward streamed bracketed paste properly (#39152)
- 111c7f4 treesitter: TSNode:id() with NUL byte causes unreliable select() #39134
- 2ea9ed3 treesitter: restore highlighting on 32 bit systems #39091
- c294bc3 tui: check background color on resume
- b08c289 ui2: dialog paging is inconsistent #39128
- c6b5eb3 ui2: don't dismiss expanded messages for non-typed key #39247
- c6578ea vim.filetype: match() fails if g:ft_ignore_pat is not defined #39158
- a15e27f vim.pos: Range:intersect() drops `buf` #38898

VIM PATCHES
--------------------------------------------------------------------------------
- 2721464 450895d: runtime(make): fix wrong highlighting with $ inside double quotes (#39177)
- 891c6c9 8.2.2440: documentation based on patches is outdated (#39144)
- e203257 9.2.0331: spellfile: stack buffer overflows in spell file generation (#38948)
- 8ba79b4 9.2.0345: Wrong autoformatting with 'autocomplete' (#39060)
- 9c11229 9.2.0357: [security]: command injection via backticks in tag files (#39102)
- 5153006 9.2.0364: tests: test_smoothscroll_textoff_showbreak() fails
- 187a34d 9.2.0380: completion: a few issues in completion code (#39264)
- 15d824e 9.2.0385: Integer overflow with "ze" and large 'sidescrolloff' (#39289)
- 19a54ad e666597: runtime(doc): make window option description a bit less vague (#39173)
- d672f0f partial:9.2.0348: potential buffer underrun when setting statusline like option (#39063)

OTHER
--------------------------------------------------------------------------------
- ed47b27 feat(api): rename buffer to buf (#38899)
- 570d8fd feat(api): rename buffer to buf in retval #39015
- 15991ab feat(events): trigger MarkSet autocmd in :delmarks (#39218)
- b6a3ad3 fix(ui2): ensure msg window is visible after closing tab (#39245)
- 099489b refactor: update usages of deprecated "buffer" param #39090
- 55d3d1b test(lsp): extract buf/util parts from lsp_spec.lua (#39170)
