From 3a1d3e9ef1d34e4e6d499aad0968c6f7daf0fd9d Mon Sep 17 00:00:00 2001
From: Daniel Hahler <git@thequod.de>
Date: Tue, 16 Jul 2019 21:35:53 +0200
Subject: [PATCH] tests: shell-test: use count for REP (#10514)

Also fix V576: use width specification

> Incorrect format. Consider checking the third actual argument of the
> 'sscanf' function. It's dangerous to use string specifier without width
> specification. Buffer overflow is possible.
---
 test/functional/fixtures/shell-test.c  | 17 ++++++++++-------
 test/functional/terminal/edit_spec.lua |  7 +++----
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/test/functional/fixtures/shell-test.c b/test/functional/fixtures/shell-test.c
index 6a1f9226d2..1ff1598e2b 100644
--- a/test/functional/fixtures/shell-test.c
+++ b/test/functional/fixtures/shell-test.c
@@ -33,13 +33,12 @@ static void help(void)
   puts("    Prints \"ready $ prog args...\\n\" to stderr.");
   puts("  shell-test -t {prompt text} EXE \"prog args...\"");
   puts("    Prints \"{prompt text} $ progs args...\" to stderr.");
-  puts("  shell-test REP {byte} \"line line line\"");
-  puts("    Prints \"{lnr}: line line line\\n\" to stdout {byte} times.");
-  puts("    I.e. for `shell-test REP ab \"test\"'");
+  puts("  shell-test REP {count} \"line line line\"");
+  puts("    Prints \"{lnr}: line line line\\n\" to stdout {count} times.");
+  puts("    I.e. for `shell-test REP 97 \"test\"'");
   puts("      0: test");
   puts("      ...");
   puts("      96: test");
-  puts("    will be printed because byte `a' is equal to 97.");
   puts("  shell-test INTERACT");
   puts("    Prints \"interact $ \" to stderr, and waits for \"exit\" input.");
 }
@@ -71,8 +70,12 @@ int main(int argc, char **argv)
         fprintf(stderr, "Not enough REP arguments\n");
         return 4;
       }
-      uint8_t number = (uint8_t) *argv[2];
-      for (uint8_t i = 0; i < number; i++) {
+      int count = 0;
+      if (sscanf(argv[2], "%d", &count) != 1) {
+        fprintf(stderr, "Invalid count: %s\n", argv[2]);
+        return 4;
+      }
+      for (uint8_t i = 0; i < count; i++) {
         printf("%d: %s\n", (int) i, argv[3]);
       }
     } else if (strcmp(argv[1], "UTF-8") == 0) {
@@ -104,7 +107,7 @@ int main(int argc, char **argv)
           break;  // EOF
         }
 
-        input_argc = sscanf(input, "%s %d", cmd, &arg);
+        input_argc = sscanf(input, "%99s %d", cmd, &arg);
         if(1 == input_argc) {
           arg = 0;
         }
diff --git a/test/functional/terminal/edit_spec.lua b/test/functional/terminal/edit_spec.lua
index 84d7ae6e9c..d213bae7b3 100644
--- a/test/functional/terminal/edit_spec.lua
+++ b/test/functional/terminal/edit_spec.lua
@@ -34,10 +34,9 @@ describe(':edit term://*', function()
   it("runs TermOpen early enough to set buffer-local 'scrollback'", function()
     local columns, lines = 20, 4
     local scr = get_screen(columns, lines)
-    local rep = 'a'
+    local rep = 97
     meths.set_option('shellcmdflag', 'REP ' .. rep)
     command('set shellxquote=')  -- win: avoid extra quotes
-    local rep_size = rep:byte()  -- 'a' => 97
     local sb = 10
     command('autocmd TermOpen * :setlocal scrollback='..tostring(sb)
             ..'|call feedkeys("G", "n")')
@@ -45,8 +44,8 @@ describe(':edit term://*', function()
 
     local bufcontents = {}
     local winheight = curwinmeths.get_height()
-    local buf_cont_start = rep_size - sb - winheight + 2
-    for i = buf_cont_start,(rep_size - 1) do
+    local buf_cont_start = rep - sb - winheight + 2
+    for i = buf_cont_start,(rep - 1) do
       bufcontents[#bufcontents + 1] = ('%d: foobar'):format(i)
     end
     bufcontents[#bufcontents + 1] = ''