bug: string.format("%") reads past the string

author: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2006-09-18 13:33:14 -0300
committer: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2006-09-18 13:33:14 -0300
commit: 93d3c8450c7a78321cf7f9db9173d46c62ebe958 (patch)
tree: ba2626af9edbf90afdb02edb836020c693742d99
parent: 8667f29c3b9e56fb6bd4f9de8c096e0331be555d (diff)
download: lua-93d3c8450c7a78321cf7f9db9173d46c62ebe958.tar.gz
lua-93d3c8450c7a78321cf7f9db9173d46c62ebe958.tar.bz2
lua-93d3c8450c7a78321cf7f9db9173d46c62ebe958.zip
2 files changed, 56 insertions, 2 deletions
diff --git a/bugs b/bugs
index ad6d0f07..eaf2fd26 100644
--- a/bugs
+++ b/bugs
@@ -798,6 +798,32 @@ patch = [[
 }
+Bug{
+what = [[Some "not not exp" may not result in boolean values]],
+report = [[]],
+since = [[4.0]],
+example = [[
+-- should print false, but prints nil
+print(not not (nil and 4))
+]],
+patch = [[]],
+}
+Bug{
+what = [[On some machines, closing a "piped file" (created with io.popen)
+may crash Lua]],
+report = [[]],
+since = [[5.0]],
+example = [[
+-- only on some machines
+  f = io.popen("ls")
+  f:close()
+]],
+patch = [[]],
+}
 -----------------------------------------------------------------
 -- Lua 5.1
@@ -1095,3 +1121,31 @@ patch = [[
 ]],
 }
+Bug{
+what = [[string.format("%") reads past the string]],
+report = [[Roberto, on 09/2006]],
+since = [[5.0 (at least)]],
+example = [[print(string.format("%"))]],
+patch = [[
+*lstrlib.c:
+@@ -723,7 +723,7 @@
+ static const char *scanformat (lua_State *L, const char *strfrmt, char *form) {   const char *p = strfrmt;
+-  while (strchr(FLAGS, *p)) p++;  /* skip flags */
+  while (*p != '\0' && strchr(FLAGS, *p) != NULL) p++;  /* skip flags */
+   if ((size_t)(p - strfrmt) >= sizeof(FLAGS))
+     luaL_error(L, "invalid format (repeated flags)");
+   if (isdigit(uchar(*p))) p++;  /* skip width */
+]],
+}
+Bug{
+what = [[  ]],
+report = [[  ]],
+since = [[  ]],
+example = [[  ]],
+patch = [[  ]],
+}
diff --git a/lstrlib.c b/lstrlib.c
index 641c3227..bcc1f7a8 100644
--- a/lstrlib.c
+++ b/lstrlib.c
@@ -1,5 +1,5 @@
 /*
-** $Id: lstrlib.c,v 1.133 2006/06/22 16:12:59 roberto Exp roberto $
+** $Id: lstrlib.c,v 1.134 2006/09/11 14:07:24 roberto Exp roberto $
 ** Standard library for string operations and pattern-matching
 ** See Copyright Notice in lua.h
 */
@@ -723,7 +723,7 @@ static void addquoted (lua_State *L, luaL_Buffer *b, int arg) {
 static const char *scanformat (lua_State *L, const char *strfrmt, char *form) {
  const char *p = strfrmt;
-  while (strchr(FLAGS, *p)) p++;  /* skip flags */
+  while (*p != '\0' && strchr(FLAGS, *p) != NULL) p++;  /* skip flags */
  if ((size_t)(p - strfrmt) >= sizeof(FLAGS))
    luaL_error(L, "invalid format (repeated flags)");
  if (isdigit(uchar(*p))) p++;  /* skip width */
author	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2006-09-18 13:33:14 -0300
committer	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2006-09-18 13:33:14 -0300
commit	93d3c8450c7a78321cf7f9db9173d46c62ebe958 (patch)
tree	ba2626af9edbf90afdb02edb836020c693742d99
parent	8667f29c3b9e56fb6bd4f9de8c096e0331be555d (diff)
download	lua-93d3c8450c7a78321cf7f9db9173d46c62ebe958.tar.gz lua-93d3c8450c7a78321cf7f9db9173d46c62ebe958.tar.bz2 lua-93d3c8450c7a78321cf7f9db9173d46c62ebe958.zip

diff --git a/bugs b/bugs index ad6d0f07..eaf2fd26 100644 --- a/bugs +++ b/bugs
@@ -798,6 +798,32 @@ patch = [[
798	}	798	}
799		799
800		800
		801	Bug{
		802	what = [[Some "not not exp" may not result in boolean values]],
		803	report = [[]],
		804	since = [[4.0]],
		805	example = [[
		806	-- should print false, but prints nil
		807	print(not not (nil and 4))
		808	]],
		809	patch = [[]],
		810	}
		811
		812
		813	Bug{
		814	what = [[On some machines, closing a "piped file" (created with io.popen)
		815	may crash Lua]],
		816	report = [[]],
		817	since = [[5.0]],
		818	example = [[
		819	-- only on some machines
		820	f = io.popen("ls")
		821	f:close()
		822	]],
		823	patch = [[]],
		824	}
		825
		826
801		827
802	-----------------------------------------------------------------	828	-----------------------------------------------------------------
803	-- Lua 5.1	829	-- Lua 5.1
@@ -1095,3 +1121,31 @@ patch = [[
1095	]],	1121	]],
1096		1122
1097	}	1123	}
		1124
		1125
		1126	Bug{
		1127	what = [[string.format("%") reads past the string]],
		1128	report = [[Roberto, on 09/2006]],
		1129	since = [[5.0 (at least)]],
		1130	example = [[print(string.format("%"))]],
		1131	patch = [[
		1132	*lstrlib.c:
		1133	@@ -723,7 +723,7 @@
		1134
		1135	static const char scanformat (lua_State L, const char strfrmt, char form) { const char *p = strfrmt;
		1136	- while (strchr(FLAGS, p)) p++; / skip flags */
		1137	+ while (p != '\0' && strchr(FLAGS, p) != NULL) p++; /* skip flags */
		1138	if ((size_t)(p - strfrmt) >= sizeof(FLAGS))
		1139	luaL_error(L, "invalid format (repeated flags)");
		1140	if (isdigit(uchar(p))) p++; / skip width */
		1141	]],
		1142	}
		1143
		1144
		1145	Bug{
		1146	what = [[ ]],
		1147	report = [[ ]],
		1148	since = [[ ]],
		1149	example = [[ ]],
		1150	patch = [[ ]],
		1151	}


diff --git a/lstrlib.c b/lstrlib.c index 641c3227..bcc1f7a8 100644 --- a/lstrlib.c +++ b/lstrlib.c
@@ -1,5 +1,5 @@
1	/*	1	/*
2	** $Id: lstrlib.c,v 1.133 2006/06/22 16:12:59 roberto Exp roberto $	2	** $Id: lstrlib.c,v 1.134 2006/09/11 14:07:24 roberto Exp roberto $
3	** Standard library for string operations and pattern-matching	3	** Standard library for string operations and pattern-matching
4	** See Copyright Notice in lua.h	4	** See Copyright Notice in lua.h
5	*/	5	*/
@@ -723,7 +723,7 @@ static void addquoted (lua_State L, luaL_Buffer b, int arg) {
723		723
724	static const char scanformat (lua_State L, const char strfrmt, char form) {	724	static const char scanformat (lua_State L, const char strfrmt, char form) {
725	const char *p = strfrmt;	725	const char *p = strfrmt;
726	while (strchr(FLAGS, p)) p++; / skip flags */	726	while (p != '\0' && strchr(FLAGS, p) != NULL) p++; /* skip flags */
727	if ((size_t)(p - strfrmt) >= sizeof(FLAGS))	727	if ((size_t)(p - strfrmt) >= sizeof(FLAGS))
728	luaL_error(L, "invalid format (repeated flags)");	728	luaL_error(L, "invalid format (repeated flags)");
729	if (isdigit(uchar(p))) p++; / skip width */	729	if (isdigit(uchar(p))) p++; / skip width */