From 845610e80b66aa3d834f4d1b401133919bf7fadb Mon Sep 17 00:00:00 2001 From: Andy Soffer Date: Mon, 10 Oct 2022 14:53:27 -0700 Subject: Fix a bug in StrFormat. This issue would have been caught by any compile-time checking but can happen for incorrect formats parsed via ParsedFormat::New. Specifically, if a user were to add length modifiers with 'v', for example the incorrect format string "%hv", the ParsedFormat would incorrectly be allowed. PiperOrigin-RevId: 480183817 Change-Id: I8510c13189fdf807cdaa7f2e1b7ed9fba2aaefb9 --- absl/strings/internal/str_format/parser.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'absl/strings/internal/str_format/parser.cc') diff --git a/absl/strings/internal/str_format/parser.cc b/absl/strings/internal/str_format/parser.cc index f9bb6615..13731ee2 100644 --- a/absl/strings/internal/str_format/parser.cc +++ b/absl/strings/internal/str_format/parser.cc @@ -202,9 +202,7 @@ const char *ConsumeConversion(const char *pos, const char *const end, auto tag = GetTagForChar(c); - if (*(pos - 1) == 'v' && *(pos - 2) != '%') { - return nullptr; - } + if (ABSL_PREDICT_FALSE(c == 'v' && (pos - original_pos) != 1)) return nullptr; if (ABSL_PREDICT_FALSE(!tag.is_conv())) { if (ABSL_PREDICT_FALSE(!tag.is_length())) return nullptr; @@ -223,6 +221,8 @@ const char *ConsumeConversion(const char *pos, const char *const end, conv->length_mod = length_mod; } tag = GetTagForChar(c); + + if (ABSL_PREDICT_FALSE(c == 'v')) return nullptr; if (ABSL_PREDICT_FALSE(!tag.is_conv())) return nullptr; } -- cgit v1.2.3