circlecloud/tmux
1
0
Fork 0
mirror of https://github.com/tmux/tmux.git synced 2026-04-16 03:56:28 +00:00
Code Issues Projects Releases Wiki Activity

Use INT_MIN + 1 as strtonum lower limits in formats so -ve works, found

Browse Source 
by ossfuzz.
This commit is contained in:
nicm
2026-04-02 09:28:22 +00:00
parent 2d5736f297
commit be2c6f3b5e
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
format.c
View File

@@ -4189,6 +4189,8 @@ format_build_modifiers(struct format_expand_state *es, const char **s,
/* Skip any separator character. */
if (*cp == ';')
cp++;
if (*cp == '\0')
break;
/* Check single character modifiers with no arguments. */
if (strchr("labcdnwETSWPL!<>", cp[0]) != NULL &&
@@ -4749,7 +4751,7 @@ format_replace_expression(struct format_modifier *mexp,
/* The third argument may be precision. */
if (argc >= 3) {
prec = strtonum(mexp->argv[2], INT_MIN, INT_MAX, &errstr);
prec = strtonum(mexp->argv[2], INT_MIN + 1, INT_MAX, &errstr);
if (errstr != NULL) {
format_log(es, "expression precision %s: %s", errstr,
mexp->argv[2]);
@@ -4894,8 +4896,8 @@ format_replace(struct format_expand_state *es, const char *key, size_t keylen,
case '=':
if (fm->argc < 1)
break;
limit = strtonum(fm->argv[0], INT_MIN, INT_MAX,
&errstr);
limit = strtonum(fm->argv[0], INT_MIN + 1,
INT_MAX, &errstr);
if (errstr != NULL)
limit = 0;
if (fm->argc >= 2 && fm->argv[1] != NULL)
@@ -4904,8 +4906,8 @@ format_replace(struct format_expand_state *es, const char *key, size_t keylen,
case 'p':
if (fm->argc < 1)
break;
width = strtonum(fm->argv[0], INT_MIN, INT_MAX,
&errstr);
width = strtonum(fm->argv[0], INT_MIN + 1,
INT_MAX, &errstr);
if (errstr != NULL)
width = 0;
break;