mprintf: allow %.s with data not being zero terminated

If the precision is indeed shorter than the string, don't strlen() to
find the end because that's not how the precision operator works.

I also added a unit test for curl_msnprintf to make sure this works and
that the fix doesn't a few other basic use cases. I found a POSIX
compliance problem that I marked TODO in the unit test, and I figure we
need to add more tests in the future.

Reported-by: Török Edwin

diff --git a/lib/mprintf.c b/lib/mprintf.c
index cc6042a..23070a7 100644 (file)
--- a/lib/mprintf.c
+++ b/lib/mprintf.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1999 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1999 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -804,11 +804,11 @@ static int dprintf_formatf(
             len = 0;
           }
         }
+        else if(prec != -1)
+          len = (size_t)prec;
         else
           len = strlen(str);
 
-        if(prec != -1 && (size_t) prec < len)
-          len = (size_t)prec;
         width -= (long)len;
 
         if(p->flags & FLAGS_ALT)
@@ -818,7 +818,7 @@ static int dprintf_formatf(
           while(width-- > 0)
             OUTCHAR(' ');
 
-        while(len-- > 0)
+        while((len-- > 0) && *str)
           OUTCHAR(*str++);
         if(p->flags&FLAGS_LEFT)
           while(width-- > 0)

diff --git a/tests/data/test1398 b/tests/data/test1398
new file mode 100644 (file)
index 0000000..dd50baa
--- /dev/null
+++ b/tests/data/test1398
@@ -0,0 +1,26 @@
+<testcase>
+<info>
+<keywords>
+unittest
+curl_msnprintf
+</keywords>
+</info>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<features>
+unittest
+</features>
+ <name>
+curl_msnprintf unit tests
+ </name>
+<tool>
+unit1398
+</tool>
+</client>
+
+</testcase>

diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc
index 75bf45a..526ec1f 100644 (file)
--- a/tests/unit/Makefile.inc
+++ b/tests/unit/Makefile.inc
@@ -6,7 +6,7 @@ UNITFILES = curlcheck.h \
 
 # These are all unit test programs
 UNITPROGS = unit1300 unit1301 unit1302 unit1303 unit1304 unit1305 unit1307 \
- unit1308 unit1309 unit1330 unit1394 unit1395 unit1396 unit1397
+ unit1308 unit1309 unit1330 unit1394 unit1395 unit1396 unit1397 unit1398
 
 unit1300_SOURCES = unit1300.c $(UNITFILES)
 unit1300_CPPFLAGS = $(AM_CPPFLAGS)
@@ -52,3 +52,7 @@ unit1396_CPPFLAGS = $(AM_CPPFLAGS)
 
 unit1397_SOURCES = unit1397.c $(UNITFILES)
 unit1397_CPPFLAGS = $(AM_CPPFLAGS)
+
+unit1398_SOURCES = unit1398.c $(UNITFILES)
+unit1398_CPPFLAGS = $(AM_CPPFLAGS)
+

diff --git a/tests/unit/unit1398.c b/tests/unit/unit1398.c
new file mode 100644 (file)
index 0000000..e579a62
--- /dev/null
+++ b/tests/unit/unit1398.c
@@ -0,0 +1,91 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curlcheck.h"
+
+#include "curl/mprintf.h"
+
+static CURLcode unit_setup( void ) {return CURLE_OK;}
+static void unit_stop( void ) {}
+
+UNITTEST_START
+
+int rc;
+char buf[3] = {'b', 'u', 'g'};
+const char *str="bug";
+int width = 3;
+char output[24];
+
+/*#define curl_msnprintf snprintf */
+
+/* without a trailing zero */
+rc = curl_msnprintf(output, 4, "%.*s", width, buf);
+fail_unless( rc == 3 , "return code should be 3" );
+fail_unless(!strcmp(output, "bug"), "wrong output");
+
+/* with a trailing zero */
+rc = curl_msnprintf(output, 4, "%.*s", width, str);
+fail_unless( rc == 3 , "return code should be 3" );
+fail_unless(!strcmp(output, "bug"), "wrong output");
+
+width = 2;
+/* one byte less */
+rc = curl_msnprintf(output, 4, "%.*s", width, buf);
+fail_unless( rc == 2 , "return code should be 2" );
+fail_unless(!strcmp(output, "bu"), "wrong output");
+
+/* string with larger precision */
+rc = curl_msnprintf(output, 8, "%.8s", str);
+fail_unless( rc == 3 , "return code should be 3" );
+fail_unless(!strcmp(output, "bug"), "wrong output");
+
+/* longer string with precision */
+rc = curl_msnprintf(output, 8, "%.3s", "0123456789");
+fail_unless( rc == 3 , "return code should be 3" );
+fail_unless(!strcmp(output, "012"), "wrong output");
+
+/* negative width */
+rc = curl_msnprintf(output, 8, "%-8s", str);
+fail_unless( rc == 8 , "return code should be 8" );
+fail_unless(!strcmp(output, "bug    "), "wrong output");
+
+/* larger width that string length */
+rc = curl_msnprintf(output, 8, "%8s", str);
+fail_unless( rc == 8 , "return code should be 8" );
+fail_unless(!strcmp(output, "     bu"), "wrong output");
+
+/* output a number in a limited output */
+rc = curl_msnprintf(output, 4, "%d", 10240);
+/* TODO: this should return 5 to be POSIX/snprintf compliant! */
+fail_unless( rc == 4 , "return code should be 4" );
+fail_unless(!strcmp(output, "102"), "wrong output");
+
+/* padded strings */
+rc = curl_msnprintf(output, 16, "%8s%8s", str, str);
+fail_unless( rc == 16 , "return code should be 16" );
+fail_unless(!strcmp(output, "     bug     bu"), "wrong output");
+
+/* padded numbers */
+rc = curl_msnprintf(output, 16, "%8d%8d", 1234, 5678);
+fail_unless( rc == 16 , "return code should be 16" );
+fail_unless(!strcmp(output, "    1234    567"), "wrong output");
+
+UNITTEST_STOP