fix(api): nvim_eval_statusline should validate input #18347

Fix #18112 Make an exception for strings starting with "%!".
author: deforde <7503504+deforde@users.noreply.github.com> 2022-05-15 22:06:23 +0200
committer: GitHub <noreply@github.com> 2022-05-15 13:06:23 -0700
commit: 0a3d615b1ca17cda978b89d66acef39b90ee7c81 (patch)
tree: 47d06ff4eeed6fac8c37bebac78d5ce4b8f1f210 /src/nvim/api/vim.c
parent: 19da1071dca51d0045dd66fbe2a594dfd6c1c445 (diff)
download: rneovim-0a3d615b1ca17cda978b89d66acef39b90ee7c81.tar.gz
rneovim-0a3d615b1ca17cda978b89d66acef39b90ee7c81.tar.bz2
rneovim-0a3d615b1ca17cda978b89d66acef39b90ee7c81.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/src/nvim/api/vim.c b/src/nvim/api/vim.c
index d1da3312e1..fca86fe440 100644
--- a/src/nvim/api/vim.c
+++ b/src/nvim/api/vim.c
@@ -2276,6 +2276,14 @@ Dictionary nvim_eval_statusline(String str, Dict(eval_statusline) *opts, Error *
   bool use_tabline = false;
   bool highlights = false;
 
+  if (str.size < 2 || memcmp(str.data, "%!", 2)) {
+    const char *const errmsg = check_stl_option((char_u *)str.data);
+    if (errmsg) {
+      api_set_error(err, kErrorTypeValidation, "%s", errmsg);
+      return result;
+    }
+  }
+
   if (HAS_KEY(opts->winid)) {
     if (opts->winid.type != kObjectTypeInteger) {
       api_set_error(err, kErrorTypeValidation, "winid must be an integer");
author	deforde <7503504+deforde@users.noreply.github.com>	2022-05-15 22:06:23 +0200
committer	GitHub <noreply@github.com>	2022-05-15 13:06:23 -0700
commit	0a3d615b1ca17cda978b89d66acef39b90ee7c81 (patch)
tree	47d06ff4eeed6fac8c37bebac78d5ce4b8f1f210 /src/nvim/api/vim.c
parent	19da1071dca51d0045dd66fbe2a594dfd6c1c445 (diff)
download	rneovim-0a3d615b1ca17cda978b89d66acef39b90ee7c81.tar.gz rneovim-0a3d615b1ca17cda978b89d66acef39b90ee7c81.tar.bz2 rneovim-0a3d615b1ca17cda978b89d66acef39b90ee7c81.zip