From a540c57b73cf314f97e978c2abb6230aa984d487 Mon Sep 17 00:00:00 2001 From: Ed Page Date: Wed, 3 Dec 2025 13:43:12 -0600 Subject: [PATCH 1/2] test(frontmatter): Include too many dashes --- tests/testsuite/script/rustc.rs | 8 ++++ .../rustc_fixtures/fence-too-many-dashes.rs | 9 ++++ .../fence-too-many-dashes.stdout | 41 +++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.rs create mode 100644 tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stdout diff --git a/tests/testsuite/script/rustc.rs b/tests/testsuite/script/rustc.rs index d0f6693751b..05a421c6e1d 100644 --- a/tests/testsuite/script/rustc.rs +++ b/tests/testsuite/script/rustc.rs @@ -270,6 +270,14 @@ fn fence_mismatch_2() { assert_failure(fixture_path, assertion_path); } +#[cargo_test(nightly, reason = "-Zscript is unstable")] +#[rustfmt::skip] // code-generated +fn fence_too_many_dashes() { + let fixture_path = "tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.rs"; + let assertion_path = "tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stdout"; + assert_success(fixture_path, assertion_path); +} + #[cargo_test(nightly, reason = "-Zscript is unstable")] #[rustfmt::skip] // code-generated fn fence_unclosed_1() { diff --git a/tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.rs b/tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.rs new file mode 100644 index 00000000000..eda74de4a81 --- /dev/null +++ b/tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.rs @@ -0,0 +1,9 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- +[dependencies] +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- + +#![feature(frontmatter)] + +// check that we limit fence lengths + +fn main() {} diff --git a/tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stdout b/tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stdout new file mode 100644 index 00000000000..86596e996c4 --- /dev/null +++ b/tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stdout @@ -0,0 +1,41 @@ +{ + "authors": [], + "categories": [], + "default_run": null, + "dependencies": [], + "description": null, + "documentation": null, + "edition": "2024", + "features": {}, + "homepage": null, + "id": "path+[ROOTURL]/foo/script#0.0.0", + "keywords": [], + "license": null, + "license_file": null, + "links": null, + "manifest_path": "[ROOT]/foo/script", + "metadata": null, + "name": "script", + "publish": [], + "readme": null, + "repository": null, + "rust_version": null, + "source": null, + "targets": [ + { + "crate_types": [ + "bin" + ], + "doc": true, + "doctest": false, + "edition": "2024", + "kind": [ + "bin" + ], + "name": "script", + "src_path": "[ROOT]/foo/script", + "test": true + } + ], + "version": "0.0.0" +} \ No newline at end of file From 5c49e2bb4105c1057c4d4faceac79e6086288156 Mon Sep 17 00:00:00 2001 From: Ed Page Date: Wed, 3 Dec 2025 13:48:55 -0600 Subject: [PATCH 2/2] fix(frontmatter): Restrict code fence length Port rust-lang/rust#149358 over to Cargo --- src/cargo/util/frontmatter.rs | 8 ++++ tests/testsuite/script/rustc.rs | 4 +- .../fence-too-many-dashes.stderr | 5 +++ .../fence-too-many-dashes.stdout | 41 ------------------- 4 files changed, 15 insertions(+), 43 deletions(-) create mode 100644 tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stderr delete mode 100644 tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stdout diff --git a/src/cargo/util/frontmatter.rs b/src/cargo/util/frontmatter.rs index 6d50878077f..f62669bb535 100644 --- a/src/cargo/util/frontmatter.rs +++ b/src/cargo/util/frontmatter.rs @@ -75,6 +75,14 @@ impl<'s> ScriptSource<'s> { raw.len()..raw.len(), ).push_visible_span(open_start..open_end)); } + _ if u8::try_from(fence_length).is_err() => { + return Err(FrontmatterError::new( + format!( + "too many `-` symbols: frontmatter openings may be delimited by up to 255 `-` symbols, but found {fence_length}" + ), + open_start..open_end, + )); + } _ => {} } source.open = Some(open_start..open_end); diff --git a/tests/testsuite/script/rustc.rs b/tests/testsuite/script/rustc.rs index 05a421c6e1d..7559c0259e9 100644 --- a/tests/testsuite/script/rustc.rs +++ b/tests/testsuite/script/rustc.rs @@ -274,8 +274,8 @@ fn fence_mismatch_2() { #[rustfmt::skip] // code-generated fn fence_too_many_dashes() { let fixture_path = "tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.rs"; - let assertion_path = "tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stdout"; - assert_success(fixture_path, assertion_path); + let assertion_path = "tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stderr"; + assert_failure(fixture_path, assertion_path); } #[cargo_test(nightly, reason = "-Zscript is unstable")] diff --git a/tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stderr b/tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stderr new file mode 100644 index 00000000000..aa1ef701e9e --- /dev/null +++ b/tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stderr @@ -0,0 +1,5 @@ +[ERROR] too many `-` symbols: frontmatter openings may be delimited by up to 255 `-` symbols, but found 256 + --> script:1:1 + | +1 | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stdout b/tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stdout deleted file mode 100644 index 86596e996c4..00000000000 --- a/tests/testsuite/script/rustc_fixtures/fence-too-many-dashes.stdout +++ /dev/null @@ -1,41 +0,0 @@ -{ - "authors": [], - "categories": [], - "default_run": null, - "dependencies": [], - "description": null, - "documentation": null, - "edition": "2024", - "features": {}, - "homepage": null, - "id": "path+[ROOTURL]/foo/script#0.0.0", - "keywords": [], - "license": null, - "license_file": null, - "links": null, - "manifest_path": "[ROOT]/foo/script", - "metadata": null, - "name": "script", - "publish": [], - "readme": null, - "repository": null, - "rust_version": null, - "source": null, - "targets": [ - { - "crate_types": [ - "bin" - ], - "doc": true, - "doctest": false, - "edition": "2024", - "kind": [ - "bin" - ], - "name": "script", - "src_path": "[ROOT]/foo/script", - "test": true - } - ], - "version": "0.0.0" -} \ No newline at end of file