mirror of
https://git.busybox.net/busybox.git
synced 2024-11-30 17:13:32 +08:00
printf: fix format string sanity check
One of the tests for printf checks for an invalid bare '%' in the format string: $ busybox printf '%' a b c printf: %: invalid format On x86_64 a slightly different test doesn't work correctly: $ busybox printf '%' d e f printf: invalid number 'd' printf: invalid number 'e' printf: invalid number 'f' On other platforms the test fails randomly depending on how the arguments are laid out in memory. There are two places in the code where strchr is used to determine if a character in the format string is valid. However, strchr also returns a valid pointer if the character being searched for is the null terminator thus causing the code to incorrectly suppose that a valid character has been found. Add explicit checks for the null terminator. Signed-off-by: Ron Yorston <rmy@pobox.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
cf5110978b
commit
513a2457b6
@ -305,7 +305,7 @@ static char **print_formatted(char *f, char **argv, int *conv_err)
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (strchr("-+ #", *f)) {
|
if (*f && strchr("-+ #", *f)) {
|
||||||
++f;
|
++f;
|
||||||
++direc_length;
|
++direc_length;
|
||||||
}
|
}
|
||||||
@ -348,7 +348,7 @@ static char **print_formatted(char *f, char **argv, int *conv_err)
|
|||||||
static const char format_chars[] ALIGN1 = "diouxXfeEgGcs";
|
static const char format_chars[] ALIGN1 = "diouxXfeEgGcs";
|
||||||
char *p = strchr(format_chars, *f);
|
char *p = strchr(format_chars, *f);
|
||||||
/* needed - try "printf %" without it */
|
/* needed - try "printf %" without it */
|
||||||
if (p == NULL) {
|
if (p == NULL || *f == '\0') {
|
||||||
bb_error_msg("%s: invalid format", direc_start);
|
bb_error_msg("%s: invalid format", direc_start);
|
||||||
/* causes main() to exit with error */
|
/* causes main() to exit with error */
|
||||||
return saved_argv - 1;
|
return saved_argv - 1;
|
||||||
|
Loading…
Reference in New Issue
Block a user