format: Validate too many flags in format string

Avoid a stack overflow Reported-by: Ryan Whitworth <me@ryanwhitworth.com> Signed-off-by: Steve Bennett <steveb@workware.net.au>
author: Steve Bennett <steveb@workware.net.au> 2017-05-12 09:46:37 +1000
committer: Steve Bennett <steveb@workware.net.au> 2017-05-12 13:02:03 +1000
commit: e288a2541df4b0cfd02cbe3c1b9305d516149d23 (patch)
tree: 55d6d265269d20b9892b4977f84763c381879780 /jim-format.c
parent: a14d9438b9a67899be0443f39345fa957677f9b8 (diff)
download: jimtcl-e288a2541df4b0cfd02cbe3c1b9305d516149d23.zip
jimtcl-e288a2541df4b0cfd02cbe3c1b9305d516149d23.tar.gz
jimtcl-e288a2541df4b0cfd02cbe3c1b9305d516149d23.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/jim-format.c b/jim-format.c
index dc6f8ae..bd58137 100644
--- a/jim-format.c
+++ b/jim-format.c
@@ -177,7 +177,8 @@ Jim_Obj *Jim_FormatString(Jim_Interp *interp, Jim_Obj *fmtObjPtr, int objc, Jim_
             *p++ = ch;
             format += step;
             step = utf8_tounicode(format, &ch);
-        } while (sawFlag);
+            /* Only allow one of each flag, so if we have more than 5 flags, stop */
+        } while (sawFlag && (p - spec <= 5));
 
         /*
          * Step 3. Minimum field width.
author	Steve Bennett <steveb@workware.net.au>	2017-05-12 09:46:37 +1000
committer	Steve Bennett <steveb@workware.net.au>	2017-05-12 13:02:03 +1000
commit	e288a2541df4b0cfd02cbe3c1b9305d516149d23 (patch)
tree	55d6d265269d20b9892b4977f84763c381879780 /jim-format.c
parent	a14d9438b9a67899be0443f39345fa957677f9b8 (diff)
download	jimtcl-e288a2541df4b0cfd02cbe3c1b9305d516149d23.zip jimtcl-e288a2541df4b0cfd02cbe3c1b9305d516149d23.tar.gz jimtcl-e288a2541df4b0cfd02cbe3c1b9305d516149d23.tar.bz2