diff options
author | Steve Bennett <steveb@workware.net.au> | 2017-05-12 09:46:37 +1000 |
---|---|---|
committer | Steve Bennett <steveb@workware.net.au> | 2017-05-12 13:02:03 +1000 |
commit | e288a2541df4b0cfd02cbe3c1b9305d516149d23 (patch) | |
tree | 55d6d265269d20b9892b4977f84763c381879780 | |
parent | a14d9438b9a67899be0443f39345fa957677f9b8 (diff) | |
download | jimtcl-e288a2541df4b0cfd02cbe3c1b9305d516149d23.zip jimtcl-e288a2541df4b0cfd02cbe3c1b9305d516149d23.tar.gz jimtcl-e288a2541df4b0cfd02cbe3c1b9305d516149d23.tar.bz2 |
format: Validate too many flags in format string
Avoid a stack overflow
Reported-by: Ryan Whitworth <me@ryanwhitworth.com>
Signed-off-by: Steve Bennett <steveb@workware.net.au>
-rw-r--r-- | jim-format.c | 3 | ||||
-rw-r--r-- | regtest.tcl | 5 |
2 files changed, 7 insertions, 1 deletions
diff --git a/jim-format.c b/jim-format.c index dc6f8ae..bd58137 100644 --- a/jim-format.c +++ b/jim-format.c @@ -177,7 +177,8 @@ Jim_Obj *Jim_FormatString(Jim_Interp *interp, Jim_Obj *fmtObjPtr, int objc, Jim_ *p++ = ch; format += step; step = utf8_tounicode(format, &ch); - } while (sawFlag); + /* Only allow one of each flag, so if we have more than 5 flags, stop */ + } while (sawFlag && (p - spec <= 5)); /* * Step 3. Minimum field width. diff --git a/regtest.tcl b/regtest.tcl index 7b67586..0761c49 100644 --- a/regtest.tcl +++ b/regtest.tcl @@ -305,6 +305,11 @@ puts "TEST 41 PASSED" catch {exec dummy |x second} puts "TEST 42 PASSED" +# REGTEST 43 +# too many flags to format +catch {format %----------------------------------------d 1} +puts "TEST 43 PASSED" + # TAKE THE FOLLOWING puts AS LAST LINE puts "--- ALL TESTS PASSED ---" |