diff options
| -rw-r--r-- | lib.c | 6 | ||||
| -rw-r--r-- | tests/custom/03_bugs/19_truncated_format_string | 14 |
2 files changed, 19 insertions, 1 deletions
@@ -1227,7 +1227,7 @@ uc_printf_common(uc_vm *vm, size_t nargs, uc_stringbuf_t *buf) memset(&arg, 0, sizeof(arg)); - while (strchr("0- ", *p)) { + while (*p != '\0' && strchr("0- ", *p)) { if (fp + 1 >= sfmt + sizeof(sfmt)) goto next; @@ -1353,6 +1353,10 @@ uc_printf_common(uc_vm *vm, size_t nargs, uc_stringbuf_t *buf) break; + case '\0': + p--; + /* fall through */ + default: goto next; } diff --git a/tests/custom/03_bugs/19_truncated_format_string b/tests/custom/03_bugs/19_truncated_format_string new file mode 100644 index 0000000..8ddd0a3 --- /dev/null +++ b/tests/custom/03_bugs/19_truncated_format_string @@ -0,0 +1,14 @@ +When processing a truncated format string, uc_printf_common() - which is +used by `sprintf()` and `printf()` in ucode - appended trailing garbage +to the resulting string. + +-- Expect stdout -- +[ 37, null ] +-- End -- + +-- Testcase -- +{% + let s = sprintf("%"); + print(ord(s, 0, 1), "\n"); +%} +-- End -- |