vim-patch:9.1.1802: 'nowrap' in a modeline may hide malicious code (#35946)

Problem: 'nowrap' in a modeline may hide malicious code. Solution: Forcibly use '>' as 'listchars' "extends" if 'nowrap' was set from a modeline (zeertzjq). Manual `:setlocal nowrap` disables this behavior. There is a separate problem with `:set nowrap` that also applies to some other options. related: vim/vim#18214 related: vim/vim#18399 closes: vim/vim#18425 9d5208a931 Cherry-pick some test_modeline.vim changes from patches 9.0.{0363,0626}.
2025-10-03 16:36:30 +00:00 · 2025-09-29 07:48:46 +08:00
parent fcf752476a
commit 0fa0717d4e
7 changed files with 89 additions and 12 deletions
--- a/test/old/testdir/test_modeline.vim
+++ b/test/old/testdir/test_modeline.vim
@@ -358,22 +358,69 @@ endfunc

 " Some options cannot be set from the modeline when 'diff' option is set
 func Test_modeline_diff_buffer()
-  call writefile(['vim: diff foldmethod=marker wrap'], 'Xfile')
+  call writefile(['vim: diff foldmethod=marker wrap'], 'Xmdifile', 'D')
  set foldmethod& nowrap
-  new Xfile
+  new Xmdifile
  call assert_equal('manual', &foldmethod)
  call assert_false(&wrap)
  set wrap&
-  call delete('Xfile')
  bw
 endfunc

 func Test_modeline_disable()
  set modeline
-  call writefile(['vim: sw=2', 'vim: nomodeline', 'vim: sw=3'], 'Xmodeline_disable')
+  call writefile(['vim: sw=2', 'vim: nomodeline', 'vim: sw=3'], 'Xmodeline_disable', 'D')
  edit Xmodeline_disable
  call assert_equal(2, &sw)
-  call delete('Xmodeline_disable')
+endfunc
+
+" If 'nowrap' is set from a modeline, '>' is used forcibly as lcs-extends.
+func Test_modeline_nowrap_lcs_extends()
+  call writefile([
+        \ 'aaa',
+        \ 'bbb',
+        \ 'ccc                    evil',
+        \ 'ddd                    vim: nowrap',
+        \ ], 'Xmodeline_nowrap', 'D')
+  call NewWindow(10, 20)
+
+  setlocal nolist listchars=
+  edit Xmodeline_nowrap
+  let expect_insecure = [
+        \ 'aaa                 ',
+        \ 'bbb                 ',
+        \ 'ccc                >',
+        \ 'ddd                >',
+        \ '~                   ',
+        \ ]
+  call assert_equal(expect_insecure, ScreenLines([1, 5], 20))
+
+  setlocal nowrap
+  let expect_secure = [
+        \ 'aaa                 ',
+        \ 'bbb                 ',
+        \ 'ccc                 ',
+        \ 'ddd                 ',
+        \ '~                   ',
+        \ ]
+  call assert_equal(expect_secure, ScreenLines([1, 5], 20))
+
+  setlocal list listchars=extends:+
+  let expect_secure = [
+        \ 'aaa                 ',
+        \ 'bbb                 ',
+        \ 'ccc                +',
+        \ 'ddd                +',
+        \ '~                   ',
+        \ ]
+  call assert_equal(expect_secure, ScreenLines([1, 5], 20))
+
+  edit Xmodeline_nowrap
+  call assert_equal(expect_insecure, ScreenLines([1, 5], 20))
+  setlocal nowrap
+  call assert_equal(expect_secure, ScreenLines([1, 5], 20))
+
+  call CloseWindow()
 endfunc

 " vim: shiftwidth=2 sts=2 expandtab