diff options
author | Steve Bennett <steveb@workware.net.au> | 2017-05-12 09:58:37 +1000 |
---|---|---|
committer | Steve Bennett <steveb@workware.net.au> | 2017-05-12 13:02:09 +1000 |
commit | 002a3ef0b663724b0f43dbd2d184505afae6dd3e (patch) | |
tree | ae15979f770d0d2210cddbb8ad677cfb74f6d677 | |
parent | e288a2541df4b0cfd02cbe3c1b9305d516149d23 (diff) | |
download | jimtcl-002a3ef0b663724b0f43dbd2d184505afae6dd3e.zip jimtcl-002a3ef0b663724b0f43dbd2d184505afae6dd3e.tar.gz jimtcl-002a3ef0b663724b0f43dbd2d184505afae6dd3e.tar.bz2 |
format: Restrict formatted fields to a reasonable size
Calling the system sprintf() with overly long sizes can cause problems,
so limit field size to 10000.
Reported-by: Ryan Whitworth <me@ryanwhitworth.com>
Signed-off-by: Steve Bennett <steveb@workware.net.au>
-rw-r--r-- | jim-format.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/jim-format.c b/jim-format.c index bd58137..c3e606a 100644 --- a/jim-format.c +++ b/jim-format.c @@ -399,6 +399,13 @@ Jim_Obj *Jim_FormatString(Jim_Interp *interp, Jim_Obj *fmtObjPtr, int objc, Jim_ *p++ = (char) ch; *p = '\0'; + /* Put some reasonable limits on the field size */ + if (width > 10000 || length > 10000) { + Jim_SetResultString(interp, "format too long", -1); + goto error; + } + + /* Adjust length for width and precision */ if (width > length) { length = width; |