From ebdd2d7992c4b2bf49d9af2eed33e3c18c86dfc6 Mon Sep 17 00:00:00 2001 From: Patrick Brown Date: Mon, 2 Mar 2015 23:10:09 -0500 Subject: [PATCH] [BUILTIN] Reject malformed printf specifications with digits after '*' Dash doesn't notice when a format string has digits following a * width specifier. $ dash -c 'printf "%*0s " 1 2 && echo FAIL || echo OK' %10s FAIL $ bash -c 'printf "%*0s " 1 2 && echo FAIL || echo OK' bash: line 0: printf: `0': invalid format character OK $ mksh -c 'printf "%*0s " 1 2 && echo FAIL || echo OK' printf: %*0: invalid conversion specification OK With this patch dash complains about the malformed specifications. $ ./src/dash -c 'printf "%*0s " 1 2 && echo FAIL || echo OK' ./src/dash: 1: printf: %*0: invalid directive OK Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779618 Originally-by: Patrick Brown Forwarded-by: Gioele Barabucci --- src/bltin/printf.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/src/bltin/printf.c b/src/bltin/printf.c index 9673e10..83077a7 100644 --- a/src/bltin/printf.c +++ b/src/bltin/printf.c @@ -175,17 +175,20 @@ pc: /* skip to field width */ fmt += strspn(fmt, SKIP1); - if (*fmt == '*') + if (*fmt == '*') { *param++ = getuintmax(1); - - /* skip to possible '.', get following precision */ - fmt += strspn(fmt, SKIP2); - if (*fmt == '.') ++fmt; - if (*fmt == '*') - *param++ = getuintmax(1);