From 8d982ab52269e8adccbc21cc0d6f8ab3b817bf6e Mon Sep 17 00:00:00 2001 From: ZyX Date: Sun, 9 Apr 2017 20:55:48 +0300 Subject: coverity/13686: Do not allow NUL byte in precondition regex Before this commit it emitted e_spell_trunc in the first case and treated file as completely valid on the second. While first is fine (both errors are actually valid, though old error is probably better), second results in incorrect regex used. --- test/functional/spell/spellfile_spec.lua | 61 ++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 test/functional/spell/spellfile_spec.lua (limited to 'test/functional') diff --git a/test/functional/spell/spellfile_spec.lua b/test/functional/spell/spellfile_spec.lua new file mode 100644 index 0000000000..88f757249e --- /dev/null +++ b/test/functional/spell/spellfile_spec.lua @@ -0,0 +1,61 @@ +local helpers = require('test.functional.helpers')(after_each) +local lfs = require('lfs') + +local eq = helpers.eq +local clear = helpers.clear +local meths = helpers.meths +local exc_exec = helpers.exc_exec +local write_file = helpers.write_file + +local testdir = 'Xtest-functional-spell-spellfile.d' + +describe('spellfile', function() + before_each(function() + clear() + lfs.mkdir(testdir) + lfs.mkdir(testdir .. '/spell') + end) + after_each(function() + lfs.rmdir(testdir) + end) + -- ┌ Magic string (#VIMSPELLMAGIC) + -- │ ┌ Spell file version (#VIMSPELLVERSION) + local spellheader = 'VIMspell\050' + it('errors out when prefcond section is truncated', function() + meths.set_option('runtimepath', testdir) + write_file(testdir .. '/spell/en.ascii.spl', + -- ┌ Section identifier (#SN_PREFCOND) + -- │ ┌ Section flags (#SNF_REQUIRED or zero) + -- │ │ ┌ Section length (4 bytes, MSB first) + -- │ │ │ + spellheader .. '\003\001\000\000\000\003' + -- ┌ Number of regexes in section (2 bytes, MSB first) + -- │ ┌ Condition length (1 byte) + -- │ │ ┌ Condition regex (missing!) + .. '\000\001\001') + meths.set_option('spelllang', 'en') + eq('Vim(set):E759: Format error in spell file', + exc_exec('set spell')) + end) + it('errors out when prefcond regexp contains NUL byte', function() + meths.set_option('runtimepath', testdir) + write_file(testdir .. '/spell/en.ascii.spl', + -- ┌ Section identifier (#SN_PREFCOND) + -- │ ┌ Section flags (#SNF_REQUIRED or zero) + -- │ │ ┌ Section length (4 bytes, MSB first) + -- │ │ │ + spellheader .. '\003\001\000\000\000\008' + -- ┌ Number of regexes in section (2 bytes, MSB first) + -- │ ┌ Condition length (1 byte) + -- │ │ ┌ Condition regex + -- │ │ │ ┌ End of sections marker + .. '\000\001\005ab\000cd\255' + -- ┌ LWORDTREE tree length (4 bytes) + -- │ ┌ KWORDTREE tree length (4 bytes) + -- │ │ ┌ PREFIXTREE tree length + .. '\000\000\000\000\000\000\000\000\000\000\000\000') + meths.set_option('spelllang', 'en') + eq('Vim(set):E759: Format error in spell file', + exc_exec('set spell')) + end) +end) -- cgit From 5b4f07ee86194a7c6032991102c96387581029c9 Mon Sep 17 00:00:00 2001 From: ZyX Date: Sun, 9 Apr 2017 21:47:45 +0300 Subject: spellfile: Use old error This makes first test not actually show any change in behaviour. --- test/functional/spell/spellfile_spec.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/functional') diff --git a/test/functional/spell/spellfile_spec.lua b/test/functional/spell/spellfile_spec.lua index 88f757249e..e7ad79c009 100644 --- a/test/functional/spell/spellfile_spec.lua +++ b/test/functional/spell/spellfile_spec.lua @@ -34,7 +34,7 @@ describe('spellfile', function() -- │ │ ┌ Condition regex (missing!) .. '\000\001\001') meths.set_option('spelllang', 'en') - eq('Vim(set):E759: Format error in spell file', + eq('Vim(set):E758: Truncated spell file', exc_exec('set spell')) end) it('errors out when prefcond regexp contains NUL byte', function() -- cgit From ecce981dba367d61be170b535083691dd9c40cd2 Mon Sep 17 00:00:00 2001 From: ZyX Date: Sun, 9 Apr 2017 22:02:26 +0300 Subject: coverity/13687: Do not allow NUL byte in region names --- test/functional/spell/spellfile_spec.lua | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'test/functional') diff --git a/test/functional/spell/spellfile_spec.lua b/test/functional/spell/spellfile_spec.lua index e7ad79c009..4b76077605 100644 --- a/test/functional/spell/spellfile_spec.lua +++ b/test/functional/spell/spellfile_spec.lua @@ -58,4 +58,22 @@ describe('spellfile', function() eq('Vim(set):E759: Format error in spell file', exc_exec('set spell')) end) + it('errors out when region contains NUL byte', function() + meths.set_option('runtimepath', testdir) + write_file(testdir .. '/spell/en.ascii.spl', + -- ┌ Section identifier (#SN_REGION) + -- │ ┌ Section flags (#SNF_REQUIRED or zero) + -- │ │ ┌ Section length (4 bytes, MSB first) + -- │ │ │ + spellheader .. '\000\001\000\000\000\008' + -- ┌ Regions ┌ End of sections marker + .. '01234\00067\255' + -- ┌ LWORDTREE tree length (4 bytes) + -- │ ┌ KWORDTREE tree length (4 bytes) + -- │ │ ┌ PREFIXTREE tree length + .. '\000\000\000\000\000\000\000\000\000\000\000\000') + meths.set_option('spelllang', 'en') + eq('Vim(set):E759: Format error in spell file', + exc_exec('set spell')) + end) end) -- cgit From 8f75b67c0733f09b8bc1d99235eb3231abc6500c Mon Sep 17 00:00:00 2001 From: ZyX Date: Sun, 9 Apr 2017 22:16:26 +0300 Subject: coverity/13688: Check for NUL bytes in salfrom --- test/functional/spell/spellfile_spec.lua | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) (limited to 'test/functional') diff --git a/test/functional/spell/spellfile_spec.lua b/test/functional/spell/spellfile_spec.lua index 4b76077605..05c2293c50 100644 --- a/test/functional/spell/spellfile_spec.lua +++ b/test/functional/spell/spellfile_spec.lua @@ -27,7 +27,6 @@ describe('spellfile', function() -- ┌ Section identifier (#SN_PREFCOND) -- │ ┌ Section flags (#SNF_REQUIRED or zero) -- │ │ ┌ Section length (4 bytes, MSB first) - -- │ │ │ spellheader .. '\003\001\000\000\000\003' -- ┌ Number of regexes in section (2 bytes, MSB first) -- │ ┌ Condition length (1 byte) @@ -43,7 +42,6 @@ describe('spellfile', function() -- ┌ Section identifier (#SN_PREFCOND) -- │ ┌ Section flags (#SNF_REQUIRED or zero) -- │ │ ┌ Section length (4 bytes, MSB first) - -- │ │ │ spellheader .. '\003\001\000\000\000\008' -- ┌ Number of regexes in section (2 bytes, MSB first) -- │ ┌ Condition length (1 byte) @@ -64,7 +62,6 @@ describe('spellfile', function() -- ┌ Section identifier (#SN_REGION) -- │ ┌ Section flags (#SNF_REQUIRED or zero) -- │ │ ┌ Section length (4 bytes, MSB first) - -- │ │ │ spellheader .. '\000\001\000\000\000\008' -- ┌ Regions ┌ End of sections marker .. '01234\00067\255' @@ -76,4 +73,28 @@ describe('spellfile', function() eq('Vim(set):E759: Format error in spell file', exc_exec('set spell')) end) + it('errors out when SAL section contains NUL byte', function() + meths.set_option('runtimepath', testdir) + write_file(testdir .. '/spell/en.ascii.spl', + -- ┌ Section identifier (#SN_SAL) + -- │ ┌ Section flags (#SNF_REQUIRED or zero) + -- │ │ ┌ Section length (4 bytes, MSB first) + spellheader .. '\005\001\000\000\000\008' + -- ┌ salflags + -- │ ┌ salcount (2 bytes, MSB first) + -- │ │ ┌ salfromlen (1 byte) + -- │ │ │ ┌ Special character + -- │ │ │ │┌ salfrom (should not contain NUL) + -- │ │ │ ││ ┌ saltolen + -- │ │ │ ││ │ ┌ salto + -- │ │ │ ││ │ │┌ End of sections marker + .. '\000\000\001\0024\000\0017\255' + -- ┌ LWORDTREE tree length (4 bytes) + -- │ ┌ KWORDTREE tree length (4 bytes) + -- │ │ ┌ PREFIXTREE tree length + .. '\000\000\000\000\000\000\000\000\000\000\000\000') + meths.set_option('spelllang', 'en') + eq('Vim(set):E759: Format error in spell file', + exc_exec('set spell')) + end) end) -- cgit From 35584594f5cfd46e9a56d9bc3473244c437a944a Mon Sep 17 00:00:00 2001 From: ZyX Date: Sun, 9 Apr 2017 22:30:48 +0300 Subject: coverity/13689: Check file header with memcmp Not that it is actually useful (would fail in any case), but should fix coverity report. --- test/functional/spell/spellfile_spec.lua | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'test/functional') diff --git a/test/functional/spell/spellfile_spec.lua b/test/functional/spell/spellfile_spec.lua index 05c2293c50..e7cd10d2ac 100644 --- a/test/functional/spell/spellfile_spec.lua +++ b/test/functional/spell/spellfile_spec.lua @@ -97,4 +97,12 @@ describe('spellfile', function() eq('Vim(set):E759: Format error in spell file', exc_exec('set spell')) end) + it('errors out when spell header contains NUL bytes', function() + meths.set_option('runtimepath', testdir) + write_file(testdir .. '/spell/en.ascii.spl', + spellheader:sub(1, -3) .. '\000\000') + meths.set_option('spelllang', 'en') + eq('Vim(set):E757: This does not look like a spell file', + exc_exec('set spell')) + end) end) -- cgit From fa7ace446e724f888c815fe177c7b6e7b8057b7d Mon Sep 17 00:00:00 2001 From: ZyX Date: Sun, 9 Apr 2017 23:38:05 +0300 Subject: coverity/56795: Fix NULL dereference in :syn keyword non-printable Bug was introduced 3 years earlier, in 13848aa: NULL keyword_copy was incorrectly treated as an indicator of OOM. --- test/functional/ex_cmds/syntax_spec.lua | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 test/functional/ex_cmds/syntax_spec.lua (limited to 'test/functional') diff --git a/test/functional/ex_cmds/syntax_spec.lua b/test/functional/ex_cmds/syntax_spec.lua new file mode 100644 index 0000000000..c9e96703de --- /dev/null +++ b/test/functional/ex_cmds/syntax_spec.lua @@ -0,0 +1,17 @@ +local helpers = require('test.functional.helpers')(after_each) + +local eq = helpers.eq +local clear = helpers.clear +local exc_exec = helpers.exc_exec + +describe(':syntax', function() + before_each(clear) + + describe('keyword', function() + it('does not crash when group name contains unprintable characters', + function() + eq('Vim(syntax):E669: Unprintable character in group name', + exc_exec('syntax keyword \024 foo bar')) + end) + end) +end) -- cgit