Jim Tcl
Check-in [51a1a67f58]
Not logged in

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:format: Validate too many flags in format string

Avoid a stack overflow

Reported-by: Ryan Whitworth <me@ryanwhitworth.com> Signed-off-by: Steve Bennett <steveb@workware.net.au>

Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:51a1a67f584c0e0454d73d570bf50295868b959b
User & Date: steveb@workware.net.au 2017-05-12 03:02:03
Context
2017-05-12
03:02
format: Restrict formatted fields to a reasonable size

Calling the system sprintf() with overly long sizes can cause problems, so limit field size to 10000.

Reported-by: Ryan Whitworth <me@ryanwhitworth.com> Signed-off-by: Steve Bennett <steveb@workware.net.au> check-in: d9e8462879 user: steveb@workware.net.au tags: trunk

03:02
format: Validate too many flags in format string

Avoid a stack overflow

Reported-by: Ryan Whitworth <me@ryanwhitworth.com> Signed-off-by: Steve Bennett <steveb@workware.net.au> check-in: 51a1a67f58 user: steveb@workware.net.au tags: trunk

03:02
exec: Fix check for | and |&

These are only allowed as separate args. One check was allowing them as a prefix which could lead to an invalid memory access

Reported-by: Ryan Whitworth <me@ryanwhitworth.com> Signed-off-by: Steve Bennett <steveb@workware.net.au> check-in: f020c0b233 user: steveb@workware.net.au tags: trunk

Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to jim-format.c.

173
174
175
176
177
178
179

180
181
182
183
184
185
186
187
            default:
                sawFlag = 0;
                continue;
            }
            *p++ = ch;
            format += step;
            step = utf8_tounicode(format, &ch);

        } while (sawFlag);

        /*
         * Step 3. Minimum field width.
         */

        width = 0;
        if (isdigit(ch)) {







>
|







173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
            default:
                sawFlag = 0;
                continue;
            }
            *p++ = ch;
            format += step;
            step = utf8_tounicode(format, &ch);
            /* Only allow one of each flag, so if we have more than 5 flags, stop */
        } while (sawFlag && (p - spec <= 5));

        /*
         * Step 3. Minimum field width.
         */

        width = 0;
        if (isdigit(ch)) {

Changes to regtest.tcl.

301
302
303
304
305
306
307





308
309
310
puts "TEST 41 PASSED"

# REGTEST 42
# | and |& are not acceptable as prefixes
catch {exec dummy |x second}
puts "TEST 42 PASSED"






# TAKE THE FOLLOWING puts AS LAST LINE

puts "--- ALL TESTS PASSED ---"







>
>
>
>
>



301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
puts "TEST 41 PASSED"

# REGTEST 42
# | and |& are not acceptable as prefixes
catch {exec dummy |x second}
puts "TEST 42 PASSED"

# REGTEST 43
# too many flags to format
catch {format %----------------------------------------d 1}
puts "TEST 43 PASSED"

# TAKE THE FOLLOWING puts AS LAST LINE

puts "--- ALL TESTS PASSED ---"