archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

printf: Report error if missing padding character

Browse source
This commit is contained in:
Nikita Popov 2020-04-22 10:11:58 +02:00
parent 0b99017516
commit 30a5f3da99
2 changed files with 16 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

14
ext/standard/formatted_print.c
View file

@ -470,10 +470,16 @@ php_formatted_print(char *format, size_t format_len, zval *args, int argc, int n
/* space padding, the default */ /* space padding, the default */
} else if (*format == '+') { } else if (*format == '+') {
always_sign = 1; always_sign = 1;
} else if (*format == '\'' && format_len > 1) { } else if (*format == '\'') {
format++; if (format_len > 1) {
format_len--; format++;
padding = *format; format_len--;
padding = *format;
} else {
zend_value_error("Missing padding character");
zend_string_efree(result);
return NULL;
}
} else { } else {
PRINTF_DEBUG(("sprintf: end of modifiers\n")); PRINTF_DEBUG(("sprintf: end of modifiers\n"));
break; break;

8
ext/standard/tests/strings/bug67249.phpt
View file

@ -2,7 +2,11 @@
Bug #67249 (printf out-of-bounds read) Bug #67249 (printf out-of-bounds read)
--FILE-- --FILE--
<?php <?php
var_dump(sprintf("%'", "foo")); try {
var_dump(sprintf("%'", "foo"));
} catch (ValueError $e) {
echo $e->getMessage(), "\n";
}
?> ?>
--EXPECT-- --EXPECT--
string(0) "" Missing padding character