Re: [vim/vim] patch 9.2.0276: [security]: modeline security bypass (75661a6)

5 views
Skip to first unread message

zeertzjq

unread,
Mar 31, 2026, 7:44:28 PM (yesterday) Mar 31
to vim/vim, Subscribed

The test seems to be failing on some CI builds. Perhaps it's missing checks for whether these options are actually supported? Also it seems that the existing Test_modeline_fails_modelineexpr() can be used instead of adding a new function, as s:modeline_fails() already includes checks for whether the option is actually supported.

commit f57b5ca0b82f5534c977148c30a07f90f287191e
Author: zeertzjq <zeer...@outlook.com>
Date:   Wed Apr 1 07:00:22 2026 +0800

    tests: duplicate code for testing E992

diff --git a/src/testdir/test_modeline.vim b/src/testdir/test_modeline.vim
index 25ca6fb43..14f971a2b 100644
--- a/src/testdir/test_modeline.vim
+++ b/src/testdir/test_modeline.vim
@@ -261,13 +261,16 @@ endfunc
 
 func Test_modeline_fails_modelineexpr()
   call s:modeline_fails('balloonexpr', 'balloonexpr=Something()', 'E992:')
+  call s:modeline_fails('complete', "complete=Something()", 'E992:')
   call s:modeline_fails('foldexpr', 'foldexpr=Something()', 'E992:')
   call s:modeline_fails('foldtext', 'foldtext=Something()', 'E992:')
   call s:modeline_fails('formatexpr', 'formatexpr=Something()', 'E992:')
   call s:modeline_fails('guitablabel', 'guitablabel=Something()', 'E992:')
+  call s:modeline_fails('guitabtooltip', 'guitabtooltip=Something()', 'E992:')
   call s:modeline_fails('iconstring', 'iconstring=Something()', 'E992:')
   call s:modeline_fails('includeexpr', 'includeexpr=Something()', 'E992:')
   call s:modeline_fails('indentexpr', 'indentexpr=Something()', 'E992:')
+  call s:modeline_fails('printheader', 'printheader=Something()', 'E992:')
   call s:modeline_fails('rulerformat', 'rulerformat=Something()', 'E992:')
   call s:modeline_fails('statusline', 'statusline=Something()', 'E992:')
   call s:modeline_fails('tabline', 'tabline=Something()', 'E992:')
@@ -490,29 +493,4 @@ func Test_modeline_nowrap_lcs_extends()
   set equalalways&
 endfunc
 
-func Test_modeline_forbidden()
-  let tempfile = tempname()
-  let lines =<< trim END
-    some test text for completion
-    vim: set complete=F{->system('touch_should_not_run')} :
-  END
-  call writefile(lines, tempfile, 'D')
-  call assert_fails($'new {tempfile}', 'E992:')
-  bw!
-  let lines =<< trim END
-    some text
-    vim: set guitabtooltip=%{%mapset()%}:
-  END
-  call writefile(lines, tempfile)
-  call assert_fails($'new {tempfile}', 'E992:')
-  bw!
-  let lines =<< trim END
-    some text
-    vim: set printheader=%{mapset('n',0,{})%)%}:
-  END
-  call writefile(lines, tempfile, 'D')
-  call assert_fails($'new {tempfile}', 'E992:')
-  bw!
-endfunc
-
 " vim: shiftwidth=2 sts=2 expandtab


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/commit/75661a66a1db1e1f3f1245c615f13a7de44c0587/181141993@github.com>

Christian Brabandt

unread,
3:25 AM (17 hours ago) 3:25 AM
to vim/vim, Subscribed

thanks, that is a good idea, I'll update it


Reply to this email directly, view it on GitHub, or unsubscribe.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/commit/75661a66a1db1e1f3f1245c615f13a7de44c0587/181168339@github.com>

Reply all
Reply to author
Forward
0 new messages