fix out-of-bounds read in basic_format_args::get

Run lint workflow on all PRs to fix stuck required checks
The lint workflow was path-filtered to source files, so PRs that didn't touch them never ran clang-format/cmake-format. Since those checks are required, such PRs were blocked forever waiting for a status that never came. Drop the paths filter so the workflow always reports a status.
2026-06-15 08:26:13 +08:00 · 2026-06-09 07:06:13 -07:00 · 2026-06-09 15:56:50 +02:00 · 2026-06-09 15:48:28 +02:00
4 changed files with 16 additions and 7 deletions
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -2,11 +2,6 @@ name: lint

 on:
  pull_request:
-    paths:
-      - '**.h'
-      - '**.cc'
-      - '**.cmake'
-      - '**/CMakeLists.txt'

 permissions:
  contents: read
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -87,7 +87,10 @@ jobs:
    permissions:
      actions: read
      id-token: write
-      contents: read
+      # contents: write is required because the generator's (skipped)
+      # upload-assets job declares it, and a reusable workflow's job
+      # permissions may not exceed the caller's, or the run fails at startup.
+      contents: write
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
    with:
      base64-subjects: ${{ needs.build.outputs.hashes }}
--- a/include/fmt/base.h
+++ b/include/fmt/base.h
@ -2593,7 +2593,7 @@ template <typename Context> class basic_format_args {
  FMT_CONSTEXPR auto get(int id) const -> format_arg {
    auto arg = format_arg();
    if (!is_packed()) {
-      if (id < max_size()) arg = args_[id];
+      if (unsigned(id) < unsigned(max_size())) arg = args_[id];
      return arg;
    }
    if (unsigned(id) >= detail::max_packed_args) return arg;
--- a/test/printf-test.cc
+++ b/test/printf-test.cc
@ -116,6 +116,17 @@ TEST(printf_test, invalid_arg_index) {
                   "argument not found");
 }

+TEST(printf_test, zero_positional_width_precision) {
+  // A '0' positional index for a '*' width or precision must be rejected. Use
+  // enough arguments to exercise the unpacked argument storage path.
+  EXPECT_THROW_MSG(test_sprintf("%*0$d", 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
+                                13, 14, 15, 16),
+                   format_error, "argument not found");
+  EXPECT_THROW_MSG(test_sprintf("%.*0$d", 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
+                                13, 14, 15, 16),
+                   format_error, "argument not found");
+}
+
 TEST(printf_test, default_align_right) {
  EXPECT_PRINTF("   42", "%5d", 42);
  EXPECT_PRINTF("  abc", "%5s", "abc");