lib: gracefully handle truncated format strings in uc_printf_common()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
author: Jo-Philipp Wich <jo@mein.io> 2021-05-03 23:28:07 +0200
committer: Jo-Philipp Wich <jo@mein.io> 2021-05-04 11:42:58 +0200
commit: f2eaea3be2ebf87e2837b728e5a0c67eedf296f5 (patch)
tree: 18ea83874b4bd55608cc51638cfbc50f48638f0e
parent: 02629b84de23bdc5896ac4b357e2f16dfb3996ec (diff)
2 files changed, 19 insertions, 1 deletions
diff --git a/lib.c b/lib.c
index a9a61fa..d6889c6 100644
--- a/lib.c
+++ b/lib.c
@@ -1227,7 +1227,7 @@ uc_printf_common(uc_vm *vm, size_t nargs, uc_stringbuf_t *buf)
 
 			memset(&arg, 0, sizeof(arg));
 
-			while (strchr("0- ", *p)) {
+			while (*p != '\0' && strchr("0- ", *p)) {
 				if (fp + 1 >= sfmt + sizeof(sfmt))
 					goto next;
 
@@ -1353,6 +1353,10 @@ uc_printf_common(uc_vm *vm, size_t nargs, uc_stringbuf_t *buf)
 
 				break;
 
+			case '\0':
+				p--;
+				/* fall through */
+
 			default:
 				goto next;
 			}
diff --git a/tests/custom/03_bugs/19_truncated_format_string b/tests/custom/03_bugs/19_truncated_format_string
new file mode 100644
index 0000000..8ddd0a3
--- /dev/null
+++ b/tests/custom/03_bugs/19_truncated_format_string
@@ -0,0 +1,14 @@
+When processing a truncated format string, uc_printf_common() - which is
+used by `sprintf()` and `printf()` in ucode - appended trailing garbage
+to the resulting string.
+
+-- Expect stdout --
+[ 37, null ]
+-- End --
+
+-- Testcase --
+{%
+	let s = sprintf("%");
+	print(ord(s, 0, 1), "\n");
+%}
+-- End --
author	Jo-Philipp Wich <jo@mein.io>	2021-05-03 23:28:07 +0200
committer	Jo-Philipp Wich <jo@mein.io>	2021-05-04 11:42:58 +0200
commit	f2eaea3be2ebf87e2837b728e5a0c67eedf296f5 (patch)
tree	18ea83874b4bd55608cc51638cfbc50f48638f0e
parent	02629b84de23bdc5896ac4b357e2f16dfb3996ec (diff)