From f3192303ab562b3b21a73faa1267bf85173d0e5a Mon Sep 17 00:00:00 2001
From: Chloe Kudryavtsev
Date: Wed, 19 Apr 2023 12:55:25 -0400
Subject: [PATCH 1/2] check for NULL in get_fmt_mapping (fixes #1105)

When there is no format to be found after a %, get_fmt_mapping returns NULL. It then gets called against strlen, which is a typical SEGV. Check for NULL aginst mapping, which signals a null format being specified.
---
 src/core/pp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/core/pp.c b/src/core/pp.c
index cd545ad1..d55b8536 100644
--- a/src/core/pp.c
+++ b/src/core/pp.c
@@ -811,6 +811,7 @@ static const char *scanformat(
 while (p2 <= p) {
 if (strchr(FMT_REPLACE_INTTYPES, *p2) != NULL) {
 const char *mapping = get_fmt_mapping(*p2++);
+ if (!mapping) janet_panic("invalid format (found null)");
 size_t len = strlen(mapping);
 strcpy(form, mapping);
 form += len;

From 0902a5a981a7906b8306487fe92c1d4e824a7f8f Mon Sep 17 00:00:00 2001
From: Chloe Kudryavtsev
Date: Thu, 20 Apr 2023 11:51:11 -0400
Subject: [PATCH 2/2] improve null format handling

there was a request to improve the error message, but the whole function has non-informative errors. (both functions, actually, since the code is duplicated) as such, instead of catching it directly, address the assumption that led to the SIGSEGV and let it be caught by the functions themselves, thus reusing existing error messages (which can then be improved separately).
---
 src/core/pp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/core/pp.c b/src/core/pp.c
index d55b8536..d058cb1e 100644
--- a/src/core/pp.c
+++ b/src/core/pp.c
@@ -809,9 +809,9 @@ static const char *scanformat(
 *(form++) = '%';
 const char *p2 = strfrmt;
 while (p2 <= p) {
- if (strchr(FMT_REPLACE_INTTYPES, *p2) != NULL) {
+ char *loc = strchr(FMT_REPLACE_INTTYPES, *p2);
+ if (loc != NULL && *loc != '\0') {
 const char *mapping = get_fmt_mapping(*p2++);
- if (!mapping) janet_panic("invalid format (found null)");
 size_t len = strlen(mapping);
 strcpy(form, mapping);
 form += len;
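Review bot: The new test `loc != NULL && *loc != '\0'` is equivalent to checking `*p2 != '\0'` before the lookup, because strchr returns a pointer to a character equal to `*p2`; the temporary obscures that the only case being newly rejected is strchr matching the string's terminator when `*p2` is NUL. A more direct form is `if (*p2 != '\0' && strchr(FMT_REPLACE_INTTYPES, *p2) != NULL) {` with a comment such as `/* strchr matches the terminator on '\0'; that char has no entry in get_fmt_mapping */`. With the NULL check dropped, the following strlen and strcpy now depend on get_fmt_mapping having an entry for every character in FMT_REPLACE_INTTYPES; that invariant is worth stating where the two are defined so a later edit to one does not reintroduce the NULL dereference. The commit message says this code is duplicated in a second function; if that twin carries the same strchr test, it presumably needs the same guard, which this hunk does not touch. scanformat's body starts and ends outside the hunk.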