Bash 2.05 core dump with 'printf "%.*s" 0 foo'
From: Paul Eggert
Subject: Bash 2.05 core dump with 'printf "%.*s" 0 foo'
Date: Fri, 27 Apr 2001 10:27:05 -0700 (PDT)
Configuration Information [Automatically generated, do not change]:
Machine: sparc
OS: solaris2.7
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='sparc'
-DCONF_OSTYPE='solaris2.7' -DCONF_MACHTYPE='sparc-sun-solaris2.7'
-DCONF_VENDOR='sun' -DSHELL -DHAVE_CONFIG_H -I. -I. -I./include -I./lib
-I/opt/reb/include -g -O2
uname output: SunOS shade.twinsun.com 5.8 Generic_108528-07 sun4u sparc
SUNW,Ultra-1
Machine Type: sparc-sun-solaris2.7
Bash Version: 2.05
Patch Level: 0
Release Status: release
Description:
Bash can dump core when user-supplied printf field widths or
precisions are zero.
Repeat-By:
$ printf "%.*s" 0 foo
Segmentation Fault(coredump)
Fix:
2001-04-27 Paul Eggert <eggert@twinsun.com>
* builtins/printf.def (PF): Use fieldwidth only if
have_fieldwidth is nonzero; likewise for precision.
(printf_builtin): Keep track of whether we have the fieldwidth
and precision, instead of using 0 as a special value indicating
no value. This avoids a core dump when the user specifies a
zero field width or precision.
===================================================================
RCS file: builtins/printf.def,v
retrieving revision 2.5.0.2
retrieving revision 2.5.0.3
diff -pu -r2.5.0.2 -r2.5.0.3
--- builtins/printf.def 2001/04/27 16:43:24 2.5.0.2
+++ builtins/printf.def 2001/04/27 17:24:33 2.5.0.3
@@ -63,11 +63,11 @@ extern int errno;
#define PF(f, func) \
do { \
- if (fieldwidth && precision) \
+ if (have_fieldwidth && have_precision) \
(void)printf(f, fieldwidth, precision, func); \
- else if (fieldwidth && precision == 0) \
+ else if (have_fieldwidth) \
(void)printf(f, fieldwidth, func); \
- else if (precision) \
+ else if (have_precision) \
(void)printf(f, precision, func); \
else \
(void)printf(f, func); \
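Review bot: PF now reads have_fieldwidth and have_precision, which are not among its parameters (f, func), so the macro only works where the caller has locals with exactly those names, as was already the case for fieldwidth and precision. A short comment above the #define naming the four variables it expects, and stating that one int is passed for each `*` in f, would make that contract visible. The branch order itself looks right: each branch passes as many ints as flags are set.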
@@ -101,6 +101,7 @@ printf_builtin (list)
WORD_LIST *list;
{
int ch, end, fieldwidth, precision, foundmod, fmtlen;
+ int have_fieldwidth, have_precision;
char convch, nextch, *format, *fmt, *start;
retval = EXECUTION_SUCCESS;
@@ -147,6 +148,7 @@ printf_builtin (list)
for (fmt = format; *fmt; fmt++)
{
precision = fieldwidth = foundmod = 0;
+ have_fieldwidth = have_precision = 0;
if (*fmt == '\\')
{
@@ -177,7 +179,11 @@ printf_builtin (list)
/* found format specification, skip to field width */
for (; *fmt && strchr(SKIP1, *fmt); ++fmt)
;
- fieldwidth = (*fmt == '*') ? getint () : 0;
+ if (*fmt == '*')
+ {
+ fieldwidth = getint ();
+ have_fieldwidth = 1;
+ }
/* skip to possible '.', get following precision */
for (; *fmt && strchr(SKIP2, *fmt); ++fmt)
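Review bot: with the ternary gone, fieldwidth is assigned in this block only in the `*` case and otherwise keeps whatever the loop-top reset `precision = fieldwidth = foundmod = 0` left in it, so the block now depends on that reset staying in place. That is safe because PF no longer looks at fieldwidth unless have_fieldwidth is set, but a one-line comment saying that have_fieldwidth means "a `*` width was taken from the arguments", not "the format contains a width", would keep a later change from setting it for literal digit widths.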
@@ -185,7 +191,11 @@ printf_builtin (list)
if (*fmt == '.')
{
++fmt;
- precision = (*fmt == '*') ? getint () : 0;
+ if (*fmt == '*')
+ {
+ precision = getint ();
+ have_precision = 1;
+ }
}
/* skip to conversion char */
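Review bot: the `precision = getint ()` branch is the path that used to crash on a zero value, and the patch touches only builtins/printf.def, so nothing here exercises it. Consider adding regression cases with the fix for `printf "%.*s" 0 foo`, `printf "%*s" 0 foo` and `printf "%*.*s" 0 0 foo`, so that a zero width or precision taken from the arguments stays covered.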
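The defect described in the report comes down to an argument-count mismatch: the format still contains a `*`, but a zero value made the old test skip the matching int. The following C sketch is an added example, not code from the patch or from bash; the function names are hypothetical, and snprintf stands in for printf so the result can be inspected.

```c
#include <stdio.h>
#include <string.h>
/* Illustration only: hypothetical names, not bash source. */

/* Count '*' placeholders in one conversion spec; each consumes an int. */
static int stars_in_spec(const char *spec)
{
    int n = 0;
    for (; *spec; spec++)
        if (*spec == '*')
            n++;
    return n;
}

/* Pre-patch test: 0 doubles as "no value", so a supplied 0 is not passed. */
static int ints_passed_old(int fieldwidth, int precision)
{
    return (fieldwidth != 0) + (precision != 0);
}

/* Patched test: explicit flags record whether a '*' was seen. */
static int ints_passed_new(int have_fieldwidth, int have_precision)
{
    return (have_fieldwidth != 0) + (have_precision != 0);
}

/* Flag-based dispatch for a string conversion, writing into buf. */
static int format_str(char *buf, size_t len, const char *spec,
                      int have_fieldwidth, int fieldwidth,
                      int have_precision, int precision, const char *s)
{
    if (have_fieldwidth && have_precision)
        return snprintf(buf, len, spec, fieldwidth, precision, s);
    if (have_fieldwidth)
        return snprintf(buf, len, spec, fieldwidth, s);
    if (have_precision)
        return snprintf(buf, len, spec, precision, s);
    return snprintf(buf, len, spec, s);
}

int main(void)
{
    char buf[32];
    const char *spec = "%.*s";   /* the spec from the report */
    printf("stars=%d old=%d new=%d\n", stars_in_spec(spec),
           ints_passed_old(0, 0), ints_passed_new(0, 1));
    format_str(buf, sizeof buf, spec, 0, 0, 1, 0, "foo");
    printf("[%s]\n", buf);
    return 0;
}
```

For the reported input the spec holds one `*`, the old test would pass zero ints, and the flag-based test passes one, which is why only the patched dispatch matches the format.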