Hi,
I discovered a bug in sprintf()'s argument swapping code. It accepts an
argument number of zero, which is invalid. It is handled in different
ways in different libcs, but i figured the best way to handle it in PHP
was to make the functioncall fail. Patch is attached.
Best regards,
Morten
PS. Thanks to mbn for whining :-)
--
Morten Poulsen <[EMAIL PROTECTED]>
http://www.afdelingp.dk/
Index: ext/standard/formatted_print.c
===================================================================
RCS file: /repository/php4/ext/standard/formatted_print.c,v
retrieving revision 1.46
diff -u -r1.46 formatted_print.c
--- ext/standard/formatted_print.c 28 Feb 2002 08:26:45 -0000 1.46
+++ ext/standard/formatted_print.c 21 Mar 2002 16:26:35 -0000
@@ -479,7 +479,12 @@
temppos = inpos;
while (isdigit((int)format[temppos])) temppos++;
if (format[temppos] == '$') {
- argnum = php_sprintf_getnumber(format, &inpos);
+ if ((argnum = php_sprintf_getnumber(format, &inpos)) == 0) {
+ efree(result);
+ efree(args);
+ php_error(E_WARNING, "%s(): zero is not a valid argument number", get_active_function_name(TSRMLS_C));
+ return NULL;
+ }
inpos++; /* skip the '$' */
} else {
argnum = currarg++;
Index: tests/strings/002.phpt
===================================================================
RCS file: /repository/php4/tests/strings/002.phpt,v
retrieving revision 1.3
diff -u -r1.3 002.phpt
--- tests/strings/002.phpt 9 Apr 2001 15:44:24 -0000 1.3
+++ tests/strings/002.phpt 21 Mar 2002 16:26:36 -0000
@@ -38,6 +38,7 @@
printf("printf test 27:%3\$d %d %d\n", 1, 2, 3);
printf("printf test 28:%2\$02d %1\$2d\n", 1, 2);
printf("printf test 29:%2\$-2d %1\$2d\n", 1, 2);
+print("printf test 30:"); printf("%0\$s", 1); print("x\n");
?>
--EXPECT--
@@ -72,3 +73,4 @@
printf test 27:3 1 2
printf test 28:02 1
printf test 29:2 1
+printf test 30:x
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
