From: Daniel Stenberg Date: Mon, 17 Oct 2022 15:56:26 +0000 (+0200) Subject: mprintf: reject two kinds of precision for the same argument X-Git-Tag: curl-7_86_0~39 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dae84805dede4babaa45370bb9fc611ca2fee6cc;p=thirdparty%2Fcurl.git mprintf: reject two kinds of precision for the same argument An input like "%.*1$.9999d" would first use the precision taken as an argument *and* then the precision specified in the string, which is confusing and wrong. pass1 will now instead return error on this double use. Adjusted unit test 1398 to verify Reported-by: Peter Goodman Closes #9754 --- diff --git a/lib/mprintf.c b/lib/mprintf.c index 24c1dd555e..8a7c17a7ff 100644 --- a/lib/mprintf.c +++ b/lib/mprintf.c @@ -318,6 +318,11 @@ static int dprintf_Pass1(const char *format, struct va_stack *vto, flags |= FLAGS_PREC; precision = strtol(fmt, &fmt, 10); } + if((flags & (FLAGS_PREC | FLAGS_PRECPARAM)) == + (FLAGS_PREC | FLAGS_PRECPARAM)) + /* it is not permitted to use both kinds of precision for the same + argument */ + return 1; break; case 'h': flags |= FLAGS_SHORT; diff --git a/tests/unit/unit1398.c b/tests/unit/unit1398.c index f68e43ecfa..662e3bdbc2 100644 --- a/tests/unit/unit1398.c +++ b/tests/unit/unit1398.c @@ -89,4 +89,8 @@ rc = curl_msnprintf(output, 16, "%8d%8d", 1234, 5678); fail_unless(rc == 15, "return code should be 15"); fail_unless(!strcmp(output, " 1234 567"), "wrong output"); +/* double precision */ +rc = curl_msnprintf(output, 24, "%.*1$.99d", 3, 5678); +fail_unless(rc == 0, "return code should be 0"); + UNITTEST_STOP
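Review bot: In the lib/mprintf.c hunk, the new `if` in dprintf_Pass1 has an unbraced body made of a two-line comment followed by `return 1;`, which makes it easy for a later edit to detach the return from the condition; wrap the body in braces. The bare `return 1;` also gives no hint that it is the error path the commit message describes, so a short comment on the return value, or a named constant if the file has one, would make the rejection easier to audit. The mask `(FLAGS_PREC | FLAGS_PRECPARAM)` is written out twice; a local macro or variable would keep the two sides from drifting apart.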
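Review bot: In the tests/unit/unit1398.c hunk, the added case asserts only `rc == 0` and never inspects `output`, unlike the preceding case that follows its return-code check with `strcmp(output, ...)`; add an assertion on the buffer contents after the rejected call so the test pins down what a caller is left with. The test exercises only the order where `.*1$` comes before the literal precision, so a second case with the literal precision first would confirm that the check in dprintf_Pass1 catches both orders. The comment `/* double precision */` reads like a reference to the floating-point type; something like "two kinds of precision for the same argument", matching the commit subject, would be clearer.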