jmestwa-coder opened a new pull request, #655: URL: https://github.com/apache/logging-log4cxx/pull/655
## Summary

Add bounds validation to `StringHelper::format` to safely handle malformed or under-supplied placeholders. The previous implementation indexed `pattern[i + 1]`, `pattern[i + 2]`, and `params[arg]` without validating bounds, which could trigger invalid memory access and process failure for malformed format strings or missing arguments.

## Changes

- Replaced sentinel-style string iteration with length-checked iteration
- Added bounds checks before reading placeholder characters
- Added argument index validation before accessing `params[arg]`
- Preserved unresolved placeholders literally when arguments are missing

## Tests

Added regression coverage for:

- empty format patterns
- missing placeholder arguments
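The checks listed under "Changes", sketched as an added example that is not the PR's or log4cxx's own code. The name `format_checked`, the use of `std::string` in place of the project's string type, and the single-digit `{N}` placeholder syntax are assumptions.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for the function the PR hardens (not log4cxx code).
// Assumption: placeholders have the form "{N}" with a single decimal digit N.
// Malformed or unresolvable placeholders are copied to the output unchanged.
std::string format_checked(const std::string& pattern,
                           const std::vector<std::string>& params)
{
    std::string result;
    const std::size_t len = pattern.size();
    std::size_t i = 0;
    while (i < len)   // length-checked loop, no reliance on a terminator sentinel
    {
        // Read pattern[i + 1] and pattern[i + 2] only when both are in range.
        const bool room = len - i >= 3;
        if (room && pattern[i] == '{' &&
            pattern[i + 1] >= '0' && pattern[i + 1] <= '9' &&
            pattern[i + 2] == '}')
        {
            const std::size_t arg = static_cast<std::size_t>(pattern[i + 1] - '0');
            if (arg < params.size())
                result += params[arg];          // argument index validated first
            else
                result.append(pattern, i, 3);   // missing argument: keep "{N}" literally
            i += 3;
        }
        else
        {
            result += pattern[i];
            ++i;
        }
    }
    return result;
}

int main()
{
    // Constructed inputs: one supplied argument, patterns that ask for more.
    const std::vector<std::string> one{"a"};
    std::cout << format_checked("{0} and {1}", one) << '\n';
    std::cout << format_checked("truncated {0", one) << '\n';
    return 0;
}
```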
