* sprintf.c (rb_f_sprintf): more checks for format argument.

[ruby-core:11569], [ruby-core:11570], [ruby-core:11571], [ruby-core:11573] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@13011 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2007-08-15 21:10:38 +0000
committer: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2007-08-15 21:10:38 +0000
commit: 594023fb21b10d583ff0473a2ad6aec662922ec1 (patch)
tree: 7bb9d0bc09af026ef9deb30998ed36dd77dc3adc
parent: 3d61f7c3d335306443781d8c975e330a1ce26ada (diff)
3 files changed, 44 insertions, 29 deletions
diff --git a/ChangeLog b/ChangeLog
index d130e20c84..772ef5d382 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Thu Aug 16 06:08:53 2007  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* sprintf.c (rb_f_sprintf): more checks for format argument.
+	  [ruby-core:11569], [ruby-core:11570], [ruby-core:11571],
+	  [ruby-core:11573]
+
 Thu Aug 16 05:39:31 2007  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* bignum.c (bignorm): do not empty Bignum.  [ruby-dev:31229]
diff --git a/sprintf.c b/sprintf.c
index fbab4ba016..c762d086b4 100644
--- a/sprintf.c
+++ b/sprintf.c
@@ -82,6 +82,7 @@ sign_bits(base, p)
 #define FSPACE 16
 #define FWIDTH 32
 #define FPREC  64
+#define FPREC0 128
 
 #define CHECK(l) do {\
     while (blen + (l) >= bsiz) {\
@@ -110,9 +111,7 @@ sign_bits(base, p)
 #define GETNTHARG(nth) \
     ((nth >= argc) ? (rb_raise(rb_eArgError, "too few arguments"), 0) : argv[nth])
 
-#define GETASTER(val) do { \
-    t = p++; \
-    n = 0; \
+#define GETNUM(n, val) \
     for (; p < end && ISDIGIT(*p); p++) { \
 	int next_n = 10 * n + (*p - '0'); \
         if (next_n / 10 != n) {\
@@ -122,7 +121,12 @@ sign_bits(base, p)
     } \
     if (p >= end) { \
 	rb_raise(rb_eArgError, "malformed format string - %%*[0-9]"); \
-    } \
+    }
+
+#define GETASTER(val) do { \
+    t = p++; \
+    n = 0; \
+    GETNUM(n, val); \
     if (*p == '$') { \
 	tmp = GETPOSARG(n); \
     } \
@@ -257,6 +261,21 @@ rb_f_sprintf(argc, argv)
     VALUE tmp;
     VALUE str;
 
+#define CHECK_FOR_WIDTH(f)				 \
+    if ((f) & FWIDTH) {					 \
+	rb_raise(rb_eArgError, "width given twice");	 \
+    }							 \
+    if ((f) & FPREC0) {					 \
+	rb_raise(rb_eArgError, "width after precision"); \
+    }
+#define CHECK_FOR_FLAGS(f)				 \
+    if ((f) & FWIDTH) {					 \
+	rb_raise(rb_eArgError, "flag after width");	 \
+    }							 \
+    if ((f) & FPREC0) {					 \
+	rb_raise(rb_eArgError, "flag after precision"); \
+    }
+
     fmt = GETNTHARG(0);
     if (OBJ_TAINTED(fmt)) tainted = 1;
     StringValue(fmt);
@@ -292,43 +311,40 @@ rb_f_sprintf(argc, argv)
 	    break;
 
 	  case ' ':
+	    CHECK_FOR_FLAGS(flags);
 	    flags |= FSPACE;
 	    p++;
 	    goto retry;
 
 	  case '#':
+	    CHECK_FOR_FLAGS(flags);
 	    flags |= FSHARP;
 	    p++;
 	    goto retry;
 
 	  case '+':
+	    CHECK_FOR_FLAGS(flags);
 	    flags |= FPLUS;
 	    p++;
 	    goto retry;
 
 	  case '-':
+	    CHECK_FOR_FLAGS(flags);
 	    flags |= FMINUS;
 	    p++;
 	    goto retry;
 
 	  case '0':
+	    CHECK_FOR_FLAGS(flags);
 	    flags |= FZERO;
 	    p++;
 	    goto retry;
 
 	  case '1': case '2': case '3': case '4':
 	  case '5': case '6': case '7': case '8': case '9':
+	    CHECK_FOR_WIDTH(flags);
 	    n = 0;
-	    for (; p < end && ISDIGIT(*p); p++) {
-		int next_n = 10 * n + (*p - '0');
-		if (next_n / 10 != n) {
-		    rb_raise(rb_eArgError, "width too big");
-		}
-		n = 10 * n + (*p - '0');
-	    }
-	    if (p >= end) {
-		rb_raise(rb_eArgError, "malformed format string - %%[0-9]");
-	    }
+	    GETNUM(n, width);
 	    if (*p == '$') {
 		if (nextvalue != Qundef) {
 		    rb_raise(rb_eArgError, "value given twice - %d$", n);
@@ -342,10 +358,7 @@ rb_f_sprintf(argc, argv)
 	    goto retry;
 
 	  case '*':
-	    if (flags & FWIDTH) {
-		rb_raise(rb_eArgError, "width given twice");
-	    }
-
+	    CHECK_FOR_WIDTH(flags);
 	    flags |= FWIDTH;
 	    GETASTER(width);
 	    if (width < 0) {
@@ -356,10 +369,10 @@ rb_f_sprintf(argc, argv)
 	    goto retry;
 
 	  case '.':
-	    if (flags & FPREC) {
+	    if (flags & FPREC0) {
 		rb_raise(rb_eArgError, "precision given twice");
 	    }
-	    flags |= FPREC;
+	    flags |= FPREC|FPREC0;
 
 	    prec = 0;
 	    p++;
@@ -372,17 +385,12 @@ rb_f_sprintf(argc, argv)
 		goto retry;
 	    }
 
-	    for (; p < end && ISDIGIT(*p); p++) {
-		prec = 10 * prec + (*p - '0');
-	    }
-	    if (p >= end) {
-		rb_raise(rb_eArgError, "malformed format string - %%.[0-9]");
-	    }
+	    GETNUM(prec, precision);
 	    goto retry;
 
 	  case '\n':
-	    p--;
 	  case '\0':
+	    p--;
 	  case '%':
 	    if (flags != FNONE) {
 		rb_raise(rb_eArgError, "illegal format character - %%");
@@ -471,7 +479,7 @@ rb_f_sprintf(argc, argv)
 	    {
 		volatile VALUE val = GETARG();
 		char fbuf[32], nbuf[64], *s, *t;
-		char *prefix = 0;
+		const char *prefix = 0;
 		int sign = 0;
 		char sc = 0;
 		long v = 0;
@@ -548,6 +556,7 @@ rb_f_sprintf(argc, argv)
 		  default:
 		    base = 10; break;
 		}
+
 		if (!bignum) {
 		    if (base == 2) {
 			val = rb_int2big(v);
diff --git a/version.h b/version.h
index 0e2e8c35b0..16f6d9f52e 100644
--- a/version.h
+++ b/version.h
@@ -2,7 +2,7 @@
 #define RUBY_RELEASE_DATE "2007-08-16"
 #define RUBY_VERSION_CODE 185
 #define RUBY_RELEASE_CODE 20070816
-#define RUBY_PATCHLEVEL 74
+#define RUBY_PATCHLEVEL 75
 
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 8
author	shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2007-08-15 21:10:38 +0000
committer	shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2007-08-15 21:10:38 +0000
commit	594023fb21b10d583ff0473a2ad6aec662922ec1 (patch)
tree	7bb9d0bc09af026ef9deb30998ed36dd77dc3adc
parent	3d61f7c3d335306443781d8c975e330a1ce26ada (diff)