coffee/fmt
1
0
Fork 0
mirror of https://github.com/fmtlib/fmt.git synced 2026-04-30 19:09:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix out-of-bounds read in vprintf with trailing '%' (#4742)

Browse Source
This commit is contained in:
Raúl Marín 2026-04-10 21:23:57 +02:00 committed by GitHub
parent be98ea8add
commit 4ccf1d4faf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/fmt/printf.h
View File

@ -438,6 +438,8 @@ void vprintf(buffer<Char>& buf, basic_string_view<Char> format,
}
write(out, basic_string_view<Char>(start, to_unsigned(it - 1 - start)));
if (it == end) report_error("invalid format string");
auto specs = format_specs();
specs.set_align(align::right);

10
test/printf-test.cc
View File

@ -46,6 +46,14 @@ auto test_sprintf(fmt::basic_string_view<wchar_t> format, const Args&... args)
TEST(printf_test, no_args) { EXPECT_EQ("test", test_sprintf("test")); }
TEST(printf_test, trailing_percent) {
EXPECT_THROW_MSG(test_sprintf("%"), format_error, "invalid format string");
EXPECT_THROW_MSG(test_sprintf("hello%"), format_error,
"invalid format string");
EXPECT_THROW_MSG(test_sprintf("%1$d%", 1, 2), format_error,
"invalid format string");
}
TEST(printf_test, escape) {
EXPECT_EQ("%", test_sprintf("%%"));
EXPECT_EQ("before %", test_sprintf("before %%"));
@ -76,8 +84,6 @@ TEST(printf_test, number_is_too_big_in_arg_index) {
}
TEST(printf_test, switch_arg_indexing) {
EXPECT_THROW_MSG(test_sprintf("%1$d%", 1, 2), format_error,
"cannot switch from manual to automatic argument indexing");
EXPECT_THROW_MSG(test_sprintf(format("%1$d%{}d", big_num), 1, 2),
format_error, "number is too big");
EXPECT_THROW_MSG(test_sprintf("%1$d%d", 1, 2), format_error,