From: Marcus Holland-Moritz Date: Sat, 14 Jun 2003 12:51:31 +0000 (+0200) Subject: strchr() running amok in sv_vcatpvfn() X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=bc3e8b6e7257ce0b7af7dcd5f3c2ff55a3b60ae3;p=p5sagit%2Fp5-mst-13.2.git strchr() running amok in sv_vcatpvfn() From: "Marcus Holland-Moritz" Message-ID: <041901c33262$eac8ae30$f248eed9@R2D2> (choosing the safe alternative) p4raw-id: //depot/perl@19779 --- diff --git a/sv.c b/sv.c index d1324fc..ed37411 100644 --- a/sv.c +++ b/sv.c @@ -8431,6 +8431,24 @@ Perl_sv_vsetpvfn(pTHX_ SV *sv, const char *pat, STRLEN patlen, va_list *args, SV sv_vcatpvfn(sv, pat, patlen, args, svargs, svmax, maybe_tainted); } +/* strnchr(): private function for use in sv_vcatpvfn() + * + * Like strchr(), but allows to use strings that are not null-terminated. + * The string length must be given instead and it _must_ be correct, as + * the function does not stop searching when a '\0' is discovered. + * This would also allow to explicitly search for '\0' characters. + */ + +static const char * +strnchr(const char* s, int c, size_t n) +{ + if (s) + for (; n > 0; n--, s++) + if ((int)*s == c) + return s; + return NULL; +} + /* private function for use in sv_vcatpvfn via the EXPECT_NUMBER macro */ STATIC I32 @@ -9329,7 +9347,11 @@ Perl_sv_vcatpvfn(pTHX_ SV *sv, const char *pat, STRLEN patlen, va_list *args, SV p = SvEND(sv); *p = '\0'; } - if (left && ckWARN(WARN_PRINTF) && strchr(eptr, '\n') && + /* Don't use strchr() here, because eptr does not necessarily point */ + /* to a null-terminated string. E.g. with the format "%-10c", eptr */ + /* points to c (a single char on the stack), which makes strchr() */ + /* run amok over the stack until it eventually hits '\n' or '\0'. */ + if (left && ckWARN(WARN_PRINTF) && strnchr(eptr, '\n', elen) && (PL_op->op_type == OP_PRTF || PL_op->op_type == OP_SPRINTF)) Perl_warner(aTHX_ packWARN(WARN_PRINTF), "Newline in left-justified string for %sprintf",