From 432570723d027313f0d8dd5d3724fbc53f160e5c Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby-lang.org>
Date: Sat, 17 Dec 2016 23:37:35 +0900
Subject: Check if width is zero or negative before fill; fix #3347

Reported by https://hackerone.com/haquaman.
---
 mrbgems/mruby-sprintf/src/sprintf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'mrbgems/mruby-sprintf/src/sprintf.c')

diff --git a/mrbgems/mruby-sprintf/src/sprintf.c b/mrbgems/mruby-sprintf/src/sprintf.c
index d4290ec59..b5f9284d9 100644
--- a/mrbgems/mruby-sprintf/src/sprintf.c
+++ b/mrbgems/mruby-sprintf/src/sprintf.c
@@ -720,10 +720,10 @@ retry:
           CHECK(n);
           memcpy(buf+blen, c, n);
           blen += n;
-          FILL(' ', width-1);
+          if (width>0) FILL(' ', width-1);
         }
         else {
-          FILL(' ', width-1);
+          if (width>0) FILL(' ', width-1);
           CHECK(n);
           memcpy(buf+blen, c, n);
           blen += n;
-- 
cgit v1.2.3