printf: Check precision before writing into stdout (#6511)

* Add a new error type InvalidPrecision * check if the precision is valid before writing to stdout when it is signedInt, unsigned, or float * add tests for invalid precision check * add tests for invalid precision check * fix possible cross-platform issue that code failing to pass on some tests * uucore/format: inline var in format string --------- Co-authored-by: Daniel Hofstetter <daniel.hofstetter@42dh.com>
2025-07-27 11:07:44 +00:00 · 2024-07-01 21:15:32 +08:00 · 2024-07-01 21:15:32 +08:00 · e6b6b2761b
commit e6b6b2761b
parent ff389491cc
3 changed files with 32 additions and 0 deletions
--- a/src/uucore/src/lib/features/format/mod.rs
+++ b/src/uucore/src/lib/features/format/mod.rs
@ -62,6 +62,7 @@ pub enum FormatError {
    TooManySpecs(Vec<u8>),
    NeedAtLeastOneSpec(Vec<u8>),
    WrongSpecType,
+    InvalidPrecision(String),
 }

 impl Error for FormatError {}
@ -91,6 +92,7 @@ impl Display for FormatError {
                "format '{}' has no % directive",
                String::from_utf8_lossy(s)
            ),
+            Self::InvalidPrecision(precision) => write!(f, "invalid precision: '{precision}'"),
            // TODO: Error message below needs some work
            Self::WrongSpecType => write!(f, "wrong % directive type was given"),
            Self::IoError(_) => write!(f, "io error"),
--- a/src/uucore/src/lib/features/format/spec.rs
+++ b/src/uucore/src/lib/features/format/spec.rs
@ -374,6 +374,10 @@ impl Spec {
                let precision = resolve_asterisk(*precision, &mut args)?.unwrap_or(0);
                let i = args.get_i64();

+                if precision as u64 > i32::MAX as u64 {
+                    return Err(FormatError::InvalidPrecision(precision.to_string()));
+                }
+
                num_format::SignedInt {
                    width,
                    precision,
@ -393,6 +397,10 @@ impl Spec {
                let precision = resolve_asterisk(*precision, &mut args)?.unwrap_or(0);
                let i = args.get_u64();

+                if precision as u64 > i32::MAX as u64 {
+                    return Err(FormatError::InvalidPrecision(precision.to_string()));
+                }
+
                num_format::UnsignedInt {
                    variant: *variant,
                    precision,
@ -415,6 +423,10 @@ impl Spec {
                let precision = resolve_asterisk(*precision, &mut args)?.unwrap_or(6);
                let f = args.get_f64();

+                if precision as u64 > i32::MAX as u64 {
+                    return Err(FormatError::InvalidPrecision(precision.to_string()));
+                }
+
                num_format::Float {
                    width,
                    precision,
--- a/tests/by-util/test_printf.rs
+++ b/tests/by-util/test_printf.rs
@ -774,3 +774,21 @@ fn format_spec_zero_string_fails() {
    // It is invalid to have the format spec '%0s'
    new_ucmd!().args(&["%0s", "3"]).fails().code_is(1);
 }
+
+#[test]
+fn invalid_precision_fails() {
+    // It is invalid to have length of output string greater than i32::MAX
+    new_ucmd!()
+        .args(&["%.*d", "2147483648", "0"])
+        .fails()
+        .stderr_is("printf: invalid precision: '2147483648'\n");
+}
+
+#[test]
+fn float_invalid_precision_fails() {
+    // It is invalid to have length of output string greater than i32::MAX
+    new_ucmd!()
+        .args(&["%.*f", "2147483648", "0"])
+        .fails()
+        .stderr_is("printf: invalid precision: '2147483648'\n");
+}