From 907a0bcad6b7bcbe2d8ba6093bdcbb0e091e2318 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Fri, 6 Nov 2020 15:13:14 -0400
Subject: [PATCH] avoid providing filename with NUL to quickcheck properties

instance Arbitrary [Char] allows that, and it's not a legal part of a
filename so can break processing them.

Noticed when prop_view_roundtrips failed.

The instance Arbitrary AssociatedFile avoids this problem.

This commit was sponsored by Mark Reidenbach on Patreon.
---
 Annex/View.hs   | 11 ++++++-----
 Utility/Path.hs |  2 ++
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/Annex/View.hs b/Annex/View.hs
index 0648436c10..f13c92909f 100644
--- a/Annex/View.hs
+++ b/Annex/View.hs
@@ -39,6 +39,7 @@ import qualified Data.Text as T
 import qualified Data.ByteString as B
 import qualified Data.Set as S
 import qualified Data.Map as M
+import qualified System.FilePath.ByteString as P
 import "mtl" Control.Monad.Writer
 
 {- Each visible ViewFilter in a view results in another level of
@@ -293,12 +294,12 @@ fromView view f = MetaData $
  - it to a file yields a set of ViewedFile which all contain the same
  - MetaFields that were present in the input metadata
  - (excluding fields that are not visible). -}
-prop_view_roundtrips :: FilePath -> MetaData -> Bool -> Bool
-prop_view_roundtrips f metadata visible = or
-	[ null f
-	, null (takeFileName f) && null (takeDirectory f)
+prop_view_roundtrips :: AssociatedFile -> MetaData -> Bool -> Bool
+prop_view_roundtrips (AssociatedFile Nothing) _ _ = True
+prop_view_roundtrips (AssociatedFile (Just f)) metadata visible = or
+	[ B.null (P.takeFileName f) && B.null (P.takeDirectory f)
 	, viewTooLarge view
-	, all hasfields (viewedFiles view viewedFileFromReference f metadata)
+	, all hasfields (viewedFiles view viewedFileFromReference (fromRawFilePath f) metadata)
 	]
   where
 	view = View (Git.Ref "foo") $
diff --git a/Utility/Path.hs b/Utility/Path.hs
index 43d0cb196a..1ef147bd5e 100644
--- a/Utility/Path.hs
+++ b/Utility/Path.hs
@@ -88,6 +88,7 @@ upFrom dir
 prop_upFrom_basics :: FilePath -> Bool
 prop_upFrom_basics dir
 	| null dir = True
+	| '\NUL' `elem` dir = True -- not a legal filename
 	| dir == "/" = p == Nothing
 	| otherwise = p /= Just dir
   where
@@ -226,6 +227,7 @@ relPathDirToFileAbs from to
 prop_relPathDirToFileAbs_basics :: FilePath -> FilePath -> Bool
 prop_relPathDirToFileAbs_basics from to
 	| null from || null to = True
+	| '\NUL' `elem` from || '\NUL' `elem` to = True -- not a legal filename
 	| from == to = null r
 	| otherwise = not (null r)
   where