Re: Completion script for the ctags program

[Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx>]

Daniel Shahaf wrote on Sun, Mar 07, 2021 at 22:10:56 +0000:
> Jacob Gelbman wrote on Sun, 07 Mar 2021 21:57 +00:00:
> > > On Mar 7, 2021, at 3:42 PM, Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx> wrote:
> > > Jacob Gelbman wrote on Sun, 07 Mar 2021 19:18 +00:00:
> > >>>> elif [ "$state" = "languages" ]; then
> > >>>>   _values -s , languages $languages
> > >>> 
> > >>> Don't pass unsanitized command output to a builtin.  I don't know the
> > >>> fix off the top of my head.
> > > 
> > > This point has been neither responded to nor implemented.
> > 
> > I sanitize the output a little bit, by cutting just the first word from 
> > the list that’s returned. That fixes lines like "OldC++ [disabled]" And 
> > I’m not that worried about possibly feeding in incorrectly formatted 
> > data. What’s the worst that could happen? The listing will look messed 
> > up?
> 
> An option flag could be injected from an external command into compadd. [...]

Do you intend to send a revised patch to address this?

> You don't know in advance what flag that would be and what it would mean
> in compadd (you need to consider future compadd too), so this is
> essentially undefined behaviour.