fix out-of-bounds read on trailing % in wxDateTime::Format (PR #26543)
Javid Khan
Fuzzing date format strings turned this up. Format() does (*++p) when it hits a '%', so a format ending in a lone '%' advances the iterator onto end(), and then the for-loop's own ++p steps one past it; since end()+1 != end() the loop re-enters and reads *p past the terminating NUL. It asserts in debug builds via the existing case 0, but over-reads the format buffer in release. Advance once and output the trailing '%' verbatim then stop, which is what the case 0 comment already intended. ParseFormat() already handles this by returning false.
You can view, comment on, or merge this pull request online at:
https://github.com/wxWidgets/wxWidgets/pull/26543
Commit Summary
- 1b89f0b fix out-of-bounds read on trailing % in wxDateTime::Format
File Changes
(2 files)
Patch Links:
- https://github.com/wxWidgets/wxWidgets/pull/26543.patch
- https://github.com/wxWidgets/wxWidgets/pull/26543.diff
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS and Android. Download it today!
You are receiving this because you are subscribed to this thread.
VZ
vadz left a comment (wxWidgets/wxWidgets#26543)Thanks! The fix looks correct but MSVC standard library doesn't like invalid format strings, apparently, making the CI jobs using it fail. The simplest is to just skip/disable this test when using it, could you please do it?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS and Android. Download it today!
You are receiving this because you are subscribed to this thread.
Javid Khan
@dxbjavid pushed 1 commit.
- e9c8816 Skip trailing % format test with MSVC CRT
—
View it on GitHub or unsubscribe.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS and Android. Download it today!
You are receiving this because you are subscribed to this thread.
Javid Khan
dxbjavid left a comment (wxWidgets/wxWidgets#26543)Done, wrapped the new check in #ifndef _MSC_VER so it's skipped with the MSVC CRT. The fix itself is unaffected.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS and Android. Download it today!
You are receiving this because you are subscribed to this thread.
VZ
vadz left a comment (wxWidgets/wxWidgets#26543)Sorry, I should have thought about this, but MSVC CRT is also used with MinGW, so the test needs to be excluded for it too.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS and Android. Download it today!
You are receiving this because you are subscribed to this thread.
Javid Khan
@dxbjavid pushed 1 commit.
- 9478f55 Also exclude trailing % format test for MinGW
—
View it on GitHub or unsubscribe.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS and Android. Download it today!
You are receiving this because you are subscribed to this thread.
Javid Khan
dxbjavid left a comment (wxWidgets/wxWidgets#26543)Good point, MinGW links the MS CRT too. Changed the guard to !defined(_MSC_VER) && !defined(__MINGW32__) so it's skipped there as well.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS and Android. Download it today!
You are receiving this because you are subscribed to this thread.