summaryrefslogtreecommitdiffhomepage
path: root/mrbgems/mruby-sprintf/src/sprintf.c
diff options
context:
space:
mode:
authorYukihiro "Matz" Matsumoto <[email protected]>2017-03-11 15:22:54 +0900
committerYukihiro "Matz" Matsumoto <[email protected]>2017-03-11 15:22:54 +0900
commit94395e81c1e853fbfd507a0d12e5836a64bf0ce7 (patch)
treefa1367484c451639d02c943acb0dd43b695aa810 /mrbgems/mruby-sprintf/src/sprintf.c
parentf30ec2dfb0217fd1426dbdfa1db22da51bbe73b5 (diff)
downloadmruby-94395e81c1e853fbfd507a0d12e5836a64bf0ce7.tar.gz
mruby-94395e81c1e853fbfd507a0d12e5836a64bf0ce7.zip
The width printf specifier may be negative; fix #3498
Diffstat (limited to 'mrbgems/mruby-sprintf/src/sprintf.c')
-rw-r--r--mrbgems/mruby-sprintf/src/sprintf.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/mrbgems/mruby-sprintf/src/sprintf.c b/mrbgems/mruby-sprintf/src/sprintf.c
index fcda7733d..cc00198d0 100644
--- a/mrbgems/mruby-sprintf/src/sprintf.c
+++ b/mrbgems/mruby-sprintf/src/sprintf.c
@@ -116,6 +116,7 @@ mrb_fix2binstr(mrb_state *mrb, mrb_value x, int base)
#define CHECK(l) do {\
/* int cr = ENC_CODERANGE(result);*/\
+ if ((l) < 0) mrb_raise(mrb, E_ARGUMENT_ERROR, "illegal specifier"); \
while ((l) >= bsiz - blen) {\
bsiz*=2;\
if (bsiz < 0) mrb_raise(mrb, E_ARGUMENT_ERROR, "too big specifier"); \
@@ -766,7 +767,7 @@ retry:
width -= (int)slen;
if (!(flags&FMINUS)) {
CHECK(width);
- while (width--) {
+ while (width-- > 0) {
buf[blen++] = ' ';
}
}
@@ -775,7 +776,7 @@ retry:
blen += len;
if (flags&FMINUS) {
CHECK(width);
- while (width--) {
+ while (width-- > 0) {
buf[blen++] = ' ';
}
}
@@ -982,7 +983,7 @@ retry:
width -= prec;
}
- if (!(flags&FMINUS)) {
+ if (!(flags&FMINUS) && width > 0) {
CHECK(width);
while (width-- > 0) {
buf[blen++] = ' ';
@@ -1012,9 +1013,11 @@ retry:
}
PUSH(s, len);
- CHECK(width);
- while (width-- > 0) {
- buf[blen++] = ' ';
+ if (width > 0) {
+ CHECK(width);
+ while (width-- > 0) {
+ buf[blen++] = ' ';
+ }
}
}
break;
generated by cgit v1.2.3 (git 2.39.1) at 2026-04-14 23:54:07 +0000