From patchwork Sun Dec 6 14:09:42 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gioele Barabucci X-Patchwork-Id: 7778931 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Original-To: patchwork-dash@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 5B8D5BEEE1 for ; Sun, 6 Dec 2015 14:10:00 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 4067220328 for ; Sun, 6 Dec 2015 14:09:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 0C53920304 for ; Sun, 6 Dec 2015 14:09:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753156AbbLFOJ5 (ORCPT ); Sun, 6 Dec 2015 09:09:57 -0500 Received: from plane.gmane.org ([80.91.229.3]:49557 "EHLO plane.gmane.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753132AbbLFOJ4 (ORCPT ); Sun, 6 Dec 2015 09:09:56 -0500 Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1a5a0f-0001Hq-DY for dash@vger.kernel.org; Sun, 06 Dec 2015 15:09:53 +0100 Received: from x4db6bd17.dyn.telefonica.de ([77.182.189.23]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 06 Dec 2015 15:09:53 +0100 Received: from gioele by x4db6bd17.dyn.telefonica.de with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 06 Dec 2015 15:09:53 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: dash@vger.kernel.org From: Gioele Barabucci Subject: [PATCH] [BUILTIN] Reject malformed printf specifications with digits after '*' Date: Sun, 6 Dec 2015 15:09:42 +0100 Lines: 107 Message-ID: Mime-Version: 1.0 X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: x4db6bd17.dyn.telefonica.de X-Mozilla-News-Host: news://news://news://news://news.gmane.org:119 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 Sender: dash-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: dash@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, T_TVD_MIME_EPI, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Hello, I am forwarding a patch related to the bug described at . You can find the same patch at . I refreshed the patch to be compatible with the current code, but left the original author as the git author. I hope this is fine. Regards, --- Gioele Barabucci From ebdd2d7992c4b2bf49d9af2eed33e3c18c86dfc6 Mon Sep 17 00:00:00 2001 From: Patrick Brown Date: Mon, 2 Mar 2015 23:10:09 -0500 Subject: [PATCH] [BUILTIN] Reject malformed printf specifications with digits after '*' Dash doesn't notice when a format string has digits following a * width specifier. $ dash -c 'printf "%*0s " 1 2 && echo FAIL || echo OK' %10s FAIL $ bash -c 'printf "%*0s " 1 2 && echo FAIL || echo OK' bash: line 0: printf: `0': invalid format character OK $ mksh -c 'printf "%*0s " 1 2 && echo FAIL || echo OK' printf: %*0: invalid conversion specification OK With this patch dash complains about the malformed specifications. $ ./src/dash -c 'printf "%*0s " 1 2 && echo FAIL || echo OK' ./src/dash: 1: printf: %*0: invalid directive OK Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779618 Originally-by: Patrick Brown Forwarded-by: Gioele Barabucci --- src/bltin/printf.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/src/bltin/printf.c b/src/bltin/printf.c index 9673e10..83077a7 100644 --- a/src/bltin/printf.c +++ b/src/bltin/printf.c @@ -175,17 +175,20 @@ pc: /* skip to field width */ fmt += strspn(fmt, SKIP1); - if (*fmt == '*') + if (*fmt == '*') { *param++ = getuintmax(1); - - /* skip to possible '.', get following precision */ - fmt += strspn(fmt, SKIP2); - if (*fmt == '.') ++fmt; - if (*fmt == '*') - *param++ = getuintmax(1); - - fmt += strspn(fmt, SKIP2); + } else + /* skip to possible '.', get following precision */ + fmt += strspn(fmt, SKIP2); + if (*fmt == '.') { + ++fmt; + if (*fmt == '*') { + *param++ = getuintmax(1); + ++fmt; + } else + fmt += strspn(fmt, SKIP2); + } ch = *fmt; if (!ch) -- 2.6.2