From 0a3d615b1ca17cda978b89d66acef39b90ee7c81 Mon Sep 17 00:00:00 2001
From: deforde <7503504+deforde@users.noreply.github.com>
Date: Sun, 15 May 2022 22:06:23 +0200
Subject: [PATCH] fix(api): nvim_eval_statusline should validate input #18347

Fix #18112
Make an exception for strings starting with "%!".
---
 src/nvim/api/vim.c | 8 ++++++++
 test/functional/api/vim_spec.lua | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/src/nvim/api/vim.c b/src/nvim/api/vim.c
index d1da3312e1..fca86fe440 100644
--- a/src/nvim/api/vim.c
+++ b/src/nvim/api/vim.c
@@ -2276,6 +2276,14 @@ Dictionary nvim_eval_statusline(String str, Dict(eval_statusline) *opts, Error *
 bool use_tabline = false;
 bool highlights = false;

+ if (str.size < 2 || memcmp(str.data, "%!", 2)) {
+ const char *const errmsg = check_stl_option((char_u *)str.data);
+ if (errmsg) {
+ api_set_error(err, kErrorTypeValidation, "%s", errmsg);
+ return result;
+ }
+ }
+
 if (HAS_KEY(opts->winid)) {
 if (opts->winid.type != kObjectTypeInteger) {
 api_set_error(err, kErrorTypeValidation, "winid must be an integer");
diff --git a/test/functional/api/vim_spec.lua b/test/functional/api/vim_spec.lua
index f39aa2f20b..ba170ba8c5 100644
--- a/test/functional/api/vim_spec.lua
+++ b/test/functional/api/vim_spec.lua
@@ -3044,6 +3044,10 @@ describe('API', function()
 eq('fillchar must be a single character',
 pcall_err(meths.eval_statusline, '', { fillchar = 1 }))
 end)
+ it('rejects invalid string', function()
+ eq('E539: Illegal character <}>',
+ pcall_err(meths.eval_statusline, '%{%}', {}))
+ end)
 describe('highlight parsing', function()
 it('works', function()
 eq({
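Review bot: The added guard hands `str.data` to `check_stl_option()` as a plain C string and never uses `str.size`, so validation stops at the first NUL byte and, for an empty String, depends on `data` being a non-NULL terminated buffer, which this hunk does not show. If an empty String can arrive with a NULL pointer, the condition should skip it, `if (str.size > 0 && (str.size < 2 || memcmp(str.data, "%!", 2))) {`. The `%!` exemption is also undocumented at the call site; a comment such as `// "%!" introduces an expression: the format it evaluates to is not validated here` would make the gap visible. If that evaluated result is later parsed as a format string (not visible here), it should go through the same check. The body of nvim_eval_statusline starts and ends outside the hunk.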
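Review bot: The new test pins only the rejection path, so the `%!` exemption, the one branch of the new guard that lets input through without validation, has no coverage. A later edit to the `memcmp(str.data, "%!", 2)` condition could start rejecting expression strings, or stop validating ordinary ones, without any test failing. Add a companion case next to 'rejects invalid string', for example `eq(true, pcall(meths.eval_statusline, '%!"x"', {}))`, adjusted to whatever result the suite prefers to assert. The enclosing `describe` block starts and ends outside the hunk.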