diff options
author | Steve Bennett <steveb@workware.net.au> | 2017-05-12 09:46:37 +1000 |
---|---|---|
committer | Steve Bennett <steveb@workware.net.au> | 2017-05-12 13:02:03 +1000 |
commit | e288a2541df4b0cfd02cbe3c1b9305d516149d23 (patch) | |
tree | 55d6d265269d20b9892b4977f84763c381879780 /jim-format.c | |
parent | a14d9438b9a67899be0443f39345fa957677f9b8 (diff) | |
download | jimtcl-e288a2541df4b0cfd02cbe3c1b9305d516149d23.zip jimtcl-e288a2541df4b0cfd02cbe3c1b9305d516149d23.tar.gz jimtcl-e288a2541df4b0cfd02cbe3c1b9305d516149d23.tar.bz2 |
format: Validate too many flags in format string
Avoid a stack overflow
Reported-by: Ryan Whitworth <me@ryanwhitworth.com>
Signed-off-by: Steve Bennett <steveb@workware.net.au>
Diffstat (limited to 'jim-format.c')
-rw-r--r-- | jim-format.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/jim-format.c b/jim-format.c index dc6f8ae..bd58137 100644 --- a/jim-format.c +++ b/jim-format.c @@ -177,7 +177,8 @@ Jim_Obj *Jim_FormatString(Jim_Interp *interp, Jim_Obj *fmtObjPtr, int objc, Jim_ *p++ = ch; format += step; step = utf8_tounicode(format, &ch); - } while (sawFlag); + /* Only allow one of each flag, so if we have more than 5 flags, stop */ + } while (sawFlag && (p - spec <= 5)); /* * Step 3. Minimum field width. |