printf: fix format string sanity check

One of the tests for printf checks for an invalid bare '%' in the
format string:

   $ busybox printf '%' a b c
   printf: %: invalid format

On x86_64 a slightly different test doesn't work correctly:

   $ busybox printf '%' d e f
   printf: invalid number 'd'
   printf: invalid number 'e'
   printf: invalid number 'f'

On other platforms the test fails randomly depending on how the
arguments are laid out in memory.

There are two places in the code where strchr is used to determine if
a character in the format string is valid.  However, strchr also returns
a valid pointer if the character being searched for is the null terminator
thus causing the code to incorrectly suppose that a valid character has
been found.

Add explicit checks for the null terminator.

Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Ron Yorston 2017-07-18 09:33:22 +01:00 committed by Denys Vlasenko
parent cf5110978b
commit 513a2457b6

View File

@ -305,7 +305,7 @@ static char **print_formatted(char *f, char **argv, int *conv_err)
} }
break; break;
} }
if (strchr("-+ #", *f)) { if (*f && strchr("-+ #", *f)) {
++f; ++f;
++direc_length; ++direc_length;
} }
@ -348,7 +348,7 @@ static char **print_formatted(char *f, char **argv, int *conv_err)
static const char format_chars[] ALIGN1 = "diouxXfeEgGcs"; static const char format_chars[] ALIGN1 = "diouxXfeEgGcs";
char *p = strchr(format_chars, *f); char *p = strchr(format_chars, *f);
/* needed - try "printf %" without it */ /* needed - try "printf %" without it */
if (p == NULL) { if (p == NULL || *f == '\0') {
bb_error_msg("%s: invalid format", direc_start); bb_error_msg("%s: invalid format", direc_start);
/* causes main() to exit with error */ /* causes main() to exit with error */
return saved_argv - 1; return saved_argv - 1;