CVS commit: src

[Roland Illig]

Module Name:    src
Committed By:   rillig
Date:           Thu Mar 14 21:17:54 UTC 2024

Modified Files:
        src/tests/usr.bin/stat: t_stat.sh
        src/usr.bin/stat: stat.c

Log Message:
stat: don't allow numeric formatting flags on strings

Calling snprintf with "%+s" invokes undefined behavior.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/usr.bin/stat/t_stat.sh
cvs rdiff -u -r1.52 -r1.53 src/usr.bin/stat/stat.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/tests/usr.bin/stat/t_stat.sh
diff -u src/tests/usr.bin/stat/t_stat.sh:1.1 src/tests/usr.bin/stat/t_stat.sh:1.2
--- src/tests/usr.bin/stat/t_stat.sh:1.1	Thu Mar 14 21:00:33 2024
+++ src/tests/usr.bin/stat/t_stat.sh	Thu Mar 14 21:17:54 2024
@@ -1,4 +1,4 @@
-# $NetBSD: t_stat.sh,v 1.1 2024/03/14 21:00:33 rillig Exp $
+# $NetBSD: t_stat.sh,v 1.2 2024/03/14 21:17:54 rillig Exp $
 #
 # Copyright (c) 2024 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -44,10 +44,15 @@ string_format_body() {
 	atf_check -o 'inline:left-aligned <Ümläute           >\n' \
 	    stat -f 'left-aligned <%-20SN>' 'Ümläute'
 
-	# FIXME: invokes undefined behavior in snprintf "%+s"
-	atf_check -o 'inline:string-plus <Ümläute>\n' \
+	atf_check -s exit:1 -o ignore -e 'inline:stat: % SN: bad format\n' \
+	    stat -f 'string-space <% SN>' 'Ümläute'
+
+	atf_check -s exit:1 -o ignore -e 'inline:stat: %+SN: bad format\n' \
 	    stat -f 'string-plus <%+SN>' 'Ümläute'
 
+	atf_check -s exit:1 -o ignore -e 'inline:stat: %0SN: bad format\n' \
+	    stat -f 'string-zero <%0SN>' 'Ümläute'
+
 	atf_check -o 'inline:vis <\303\234ml\303\244ute>\n' \
 	    stat -f 'vis <%#SN>' 'Ümläute'
 

Index: src/usr.bin/stat/stat.c
diff -u src/usr.bin/stat/stat.c:1.52 src/usr.bin/stat/stat.c:1.53
--- src/usr.bin/stat/stat.c:1.52	Thu Mar 14 19:38:56 2024
+++ src/usr.bin/stat/stat.c	Thu Mar 14 21:17:54 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: stat.c,v 1.52 2024/03/14 19:38:56 kre Exp $ */
+/*	$NetBSD: stat.c,v 1.53 2024/03/14 21:17:54 rillig Exp $ */
 
 /*
  * Copyright (c) 2002-2011 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
 
 #include <sys/cdefs.h>
 #if !defined(lint)
-__RCSID("$NetBSD: stat.c,v 1.52 2024/03/14 19:38:56 kre Exp $");
+__RCSID("$NetBSD: stat.c,v 1.53 2024/03/14 21:17:54 rillig Exp $");
 #endif
 
 #if ! HAVE_NBTOOL_CONFIG_H
@@ -1065,11 +1065,11 @@ format1(const struct stat *st,
 		errx(1, "%.*s: bad format", (int)flen, fmt);
 	}
 
-	/*
-	 * If a subdatum was specified but not supported, or an output
-	 * format was selected that is not supported, that's an error.
-	 */
-	if (hilo != 0 || (ofmt & formats) == 0)
+	if (hilo != 0			// subdatum not supported
+	    || !(ofmt & formats)	// output format not supported
+	    || (ofmt == FMTF_STRING && flags & FLAG_SPACE)
+	    || (ofmt == FMTF_STRING && flags & FLAG_PLUS)
+	    || (ofmt == FMTF_STRING && flags & FLAG_ZERO))
 		errx(1, "%.*s: bad format", (int)flen, fmt);
 
 	/*