patch 8.1.1143: may pass weird strings to file name expansion Problem: May pass weird strings to file name expansion. Solution: Check for matching characters. Disallow control characters.

commit: 8f130eda4747e4a4d68353cdb650f359fd01469b [log] [tgz]
author: Bram Moolenaar <Bram@vim.org> Wed Apr 10 22:15:19 2019 +0200
committer: Bram Moolenaar <Bram@vim.org> Wed Apr 10 22:15:19 2019 +0200
tree: 0c07f9b0d8203788f1929ad8383839020f1f41cb
parent: 3fb01a53c685d8d7e7bd83c33500de80aed0d7c8 [diff] [blame]
diff --git a/src/misc1.c b/src/misc1.c
index 54da890..3797094 100644
--- a/src/misc1.c
+++ b/src/misc1.c

@@ -6170,11 +6170,22 @@
 {
     for ( ; *p; MB_PTR_ADV(p))
     {
-	/* Allow for escaping. */
-	if (*p == '\\' && p[1] != NUL)
+	// Disallow line break characters.
+	if (*p == '\r' || *p == '\n')
+	    break;
+	// Allow for escaping.
+	if (*p == '\\' && p[1] != NUL && p[1] != '\r' && p[1] != '\n')
 	    ++p;
 	else if (vim_strchr((char_u *)SPECIAL_WILDCHAR, *p) != NULL)
+	{
+	    // A { must be followed by a matching }.
+	    if (*p == '{' && vim_strchr(p, '}') == NULL)
+		continue;
+	    // A quote and backtick must be followed by another one.
+	    if ((*p == '`' || *p == '\'') && vim_strchr(p, *p) == NULL)
+		continue;
 	    return TRUE;
+	}
     }
     return FALSE;
 }
commit	8f130eda4747e4a4d68353cdb650f359fd01469b	[log] [tgz]
author	Bram Moolenaar <Bram@vim.org>	Wed Apr 10 22:15:19 2019 +0200
committer	Bram Moolenaar <Bram@vim.org>	Wed Apr 10 22:15:19 2019 +0200
tree	0c07f9b0d8203788f1929ad8383839020f1f41cb
parent	3fb01a53c685d8d7e7bd83c33500de80aed0d7c8 [diff] [blame]