From 53737990fe160d3f0d04aab9234381e1455c8a57 Mon Sep 17 00:00:00 2001 From: nobu Date: Sun, 23 Jul 2017 09:44:48 +0000 Subject: [PATCH] sprintf.c: width too big * sprintf.c (rb_str_format): explicitly reject too big negative width, instead of an empty string. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59410 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- sprintf.c | 1 + test/ruby/test_sprintf.rb | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/sprintf.c b/sprintf.c index 74229cc2d7..0d685ddbaf 100644 --- a/sprintf.c +++ b/sprintf.c @@ -648,6 +648,7 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) if (width < 0) { flags |= FMINUS; width = -width; + if (width < 0) rb_raise(rb_eArgError, "width too big"); } p++; goto retry; diff --git a/test/ruby/test_sprintf.rb b/test/ruby/test_sprintf.rb index f58686d93d..df004305ec 100644 --- a/test/ruby/test_sprintf.rb +++ b/test/ruby/test_sprintf.rb @@ -514,6 +514,12 @@ class TestSprintf < Test::Unit::TestCase assert_equal("!", sprintf("%*c", 0, ?!.ord), bug) end + def test_negative_width_overflow + assert_raise_with_message(ArgumentError, /too big/) do + sprintf("%*s", RbConfig::LIMITS["INT_MIN"], "") + end + end + def test_no_hidden_garbage fmt = [4, 2, 2].map { |x| "%0#{x}d" }.join('-') # defeats optimization ObjectSpace.count_objects(res = {}) # creates strings on first call