Hi,
I discovered a bug in sprintf()'s argument swapping code. It accepts an
argument number of zero, which is invalid. It is handled in different
ways in different libcs, but i figured the best way to handle it in PHP
was to make the functioncall fail. Patch is attached.
Best regards,
Morten
PS. Thanks to mbn for whining :-)
--
Morten Poulsen [EMAIL PROTECTED]
http://www.afdelingp.dk/
Index: ext/standard/formatted_print.c
===
RCS file: /repository/php4/ext/standard/formatted_print.c,v
retrieving revision 1.46
diff -u -r1.46 formatted_print.c
--- ext/standard/formatted_print.c 28 Feb 2002 08:26:45 - 1.46
+++ ext/standard/formatted_print.c 21 Mar 2002 16:26:35 -
@@ -479,7 +479,12 @@
temppos = inpos;
while (isdigit((int)format[temppos])) temppos++;
if (format[temppos] == '$') {
- argnum = php_sprintf_getnumber(format, inpos);
+ if ((argnum = php_sprintf_getnumber(format, inpos)) == 0) {
+ efree(result);
+ efree(args);
+ php_error(E_WARNING, %s(): zero is not a valid argument number, get_active_function_name(TSRMLS_C));
+ return NULL;
+ }
inpos++; /* skip the '$' */
} else {
argnum = currarg++;
Index: tests/strings/002.phpt
===
RCS file: /repository/php4/tests/strings/002.phpt,v
retrieving revision 1.3
diff -u -r1.3 002.phpt
--- tests/strings/002.phpt 9 Apr 2001 15:44:24 - 1.3
+++ tests/strings/002.phpt 21 Mar 2002 16:26:36 -
@@ -38,6 +38,7 @@
printf(printf test 27:%3\$d %d %d\n, 1, 2, 3);
printf(printf test 28:%2\$02d %1\$2d\n, 1, 2);
printf(printf test 29:%2\$-2d %1\$2d\n, 1, 2);
+print(printf test 30:); printf(%0\$s, 1); print(x\n);
?
--EXPECT--
@@ -72,3 +73,4 @@
printf test 27:3 1 2
printf test 28:02 1
printf test 29:2 1
+printf test 30:x
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
