git.ipfire.org Git - thirdparty/vim.git/commit

author	Christian Brabandt <cb@256bit.org>
	Sun, 3 May 2026 17:47:50 +0000 (17:47 +0000)
committer	Christian Brabandt <cb@256bit.org>
	Sun, 3 May 2026 17:47:50 +0000 (17:47 +0000)
commit	fde5a56ecbf9101314ddcc572533e147a9fb11ff
tree	97c19838515c53b7228eabcaf0a78afa0c321fb3	tree \| snapshot
parent	5c700152ae23c91b6edef3fa3e7ba06d40be0f9e	commit \| diff

patch 9.2.0434: cscope: filename interpreted by /bin/sh

Problem:  cs_create_connection() builds the cscope command by
          interpolating csinfo[i].fname (and ppath, flags) into a
          string and lets the shell parse it.  Shell metacharacters
          in a database filename are therefore evaluated by /bin/sh
          before cscope is exec'd, rather than being passed through as a
          literal path (q1uf3ng)
Solution: Build argv directly and execvp() the cscope binary
          without an intervening shell.

closes: #20119

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

src/if_cscope.c		diff \| blob \| blame \| history
src/testdir/test_cscope.vim		diff \| blob \| blame \| history
src/version.c		diff \| blob \| blame \| history