Jim Tcl
Check-in [d9e8462879]

Overview
Comment: format: Restrict formatted fields to a reasonable size

Calling the system sprintf() with overly long sizes can cause problems, so limit field size to 10000.

Reported-by: Ryan Whitworth <me@ryanwhitworth.com>
Signed-off-by: Steve Bennett <steveb@workware.net.au>

SHA1: d9e8462879466121b2e556baed0b40851e7db45e
User & Date: steveb@workware.net.au 2017-05-12 03:02:09
Context
2017-05-12
03:02
lsort -unique: Fix case with no duplicates

In this case the final element was written a second time.

Reported-by: Ryan Whitworth <me@ryanwhitworth.com> Signed-off-by: Steve Bennett <steveb@workware.net.au> check-in: 24e8023431 user: steveb@workware.net.au tags: trunk

03:02
format: Restrict formatted fields to a reasonable size

Calling the system sprintf() with overly long sizes can cause problems, so limit field size to 10000.

Reported-by: Ryan Whitworth <me@ryanwhitworth.com> Signed-off-by: Steve Bennett <steveb@workware.net.au> check-in: d9e8462879 user: steveb@workware.net.au tags: trunk

03:02
format: Validate too many flags in format string

Avoid a stack overflow

Reported-by: Ryan Whitworth <me@ryanwhitworth.com> Signed-off-by: Steve Bennett <steveb@workware.net.au> check-in: 51a1a67f58 user: steveb@workware.net.au tags: trunk

Changes

Changes to jim-format.c.

394
395
396
397
398
399
400







401
402
403
404
405
406
407
                    *p++ = 'l';
                }
#endif
            }

            *p++ = (char) ch;
            *p = '\0';








            /* Adjust length for width and precision */
            if (width > length) {
                length = width;
            }
            if (gotPrecision) {
                length += precision;







>
>
>
>
>
>
>







394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
                    *p++ = 'l';
                }
#endif
            }

            *p++ = (char) ch;
            *p = '\0';

            /* Put some reasonable limits on the field size */
            if (width > 10000 || length > 10000) {
                Jim_SetResultString(interp, "format too long", -1);
                goto error;
            }


            /* Adjust length for width and precision */
            if (width > length) {
                length = width;
            }
            if (gotPrecision) {
                length += precision;
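
Review bot: The new limit check tests `width` and `length` but not `precision`, and the unchanged context right below it still does `length += precision` when `gotPrecision` is set, so as far as this hunk shows a very large precision is not bounded by the new test. Consider extending the condition to cover it, for example `width > 10000 || length > 10000 || precision > 10000`, so that all three size inputs are limited before the length adjustment. Two smaller points: the literal 10000 appears twice and would be clearer as a single named constant, and the added block is followed by two blank lines where the surrounding code uses one.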