]> git.saurik.com Git - wxWidgets.git/blobdiff - src/common/strvararg.cpp
fixing overrelease and out-of-bounds write, fixes #13725
[wxWidgets.git] / src / common / strvararg.cpp
index 09b8ca0b98001033a5b798ff3da7f41e04aa2417..656359a6b275b81c345cce20317ad46ea6c22110 100644 (file)
@@ -161,6 +161,19 @@ public:
         {
             if ( CopyFmtChar(*format++) == wxT('%') )
             {
+#if wxUSE_PRINTF_POS_PARAMS
+                if ( *format >= '0' && *format <= '9' )
+                {
+                    SkipDigits(&format);
+                    if ( *format == '$' )
+                    {
+                        // It was a positional argument specification.
+                        CopyFmtChar(*format++);
+                    }
+                    //else: it was a width specification, nothing else to do.
+                }
+#endif // wxUSE_PRINTF_POS_PARAMS
+
                 // skip any flags
                 while ( IsFlagChar(*format) )
                     CopyFmtChar(*format++);
@@ -375,7 +388,7 @@ private:
     size_t m_nCopied;
 };
 
-#ifdef __WINDOWS__
+#if defined(__WINDOWS__) && !defined(__CYGWIN__)
 
 // on Windows, we should use %s and %c regardless of the build:
 class wxPrintfFormatConverterWchar : public wxFormatConverterBase<wchar_t>
@@ -422,6 +435,8 @@ class wxPrintfFormatConverterWchar : public wxFormatConverterBase<wchar_t>
 };
 #endif // !wxUSE_UTF8_LOCALE_ONLY
 
+#endif // __WINDOWS__/!__WINDOWS__
+
 #if wxUSE_UNICODE_UTF8
 class wxPrintfFormatConverterUtf8 : public wxFormatConverterBase<char>
 {
@@ -445,8 +460,6 @@ class wxPrintfFormatConverterUtf8 : public wxFormatConverterBase<char>
 };
 #endif // wxUSE_UNICODE_UTF8
 
-#endif // __WINDOWS__/!__WINDOWS__
-
 #if !wxUSE_UNICODE // FIXME-UTF8: remove
 class wxPrintfFormatConverterANSI : public wxFormatConverterBase<char>
 {
@@ -637,12 +650,15 @@ template<typename CharType>
 wxFormatString::ArgumentType DoGetArgumentType(const CharType *format,
                                                unsigned n)
 {
-    wxCHECK_MSG( format, wxFormatString::Arg_Other,
+    wxCHECK_MSG( format, wxFormatString::Arg_Unknown,
                  "empty format string not allowed here" );
 
     wxPrintfConvSpecParser<CharType> parser(format);
 
-    wxCHECK_MSG( parser.pspec[n-1] != NULL, wxFormatString::Arg_Other,
+    wxCHECK_MSG( n <= parser.nargs, wxFormatString::Arg_Unknown,
+                 "more arguments than format string specifiers?" );
+
+    wxCHECK_MSG( parser.pspec[n-1] != NULL, wxFormatString::Arg_Unknown,
                  "requested argument not found - invalid format string?" );
 
     switch ( parser.pspec[n-1]->m_type )
@@ -651,9 +667,48 @@ wxFormatString::ArgumentType DoGetArgumentType(const CharType *format,
         case wxPAT_WCHAR:
             return wxFormatString::Arg_Char;
 
-        default:
-            return wxFormatString::Arg_Other;
+        case wxPAT_PCHAR:
+        case wxPAT_PWCHAR:
+            return wxFormatString::Arg_String;
+
+        case wxPAT_INT:
+            return wxFormatString::Arg_Int;
+        case wxPAT_LONGINT:
+            return wxFormatString::Arg_LongInt;
+#ifdef wxLongLong_t
+        case wxPAT_LONGLONGINT:
+            return wxFormatString::Arg_LongLongInt;
+#endif
+        case wxPAT_SIZET:
+            return wxFormatString::Arg_Size_t;
+
+        case wxPAT_DOUBLE:
+            return wxFormatString::Arg_Double;
+        case wxPAT_LONGDOUBLE:
+            return wxFormatString::Arg_LongDouble;
+
+        case wxPAT_POINTER:
+            return wxFormatString::Arg_Pointer;
+
+        case wxPAT_NINT:
+            return wxFormatString::Arg_IntPtr;
+        case wxPAT_NSHORTINT:
+            return wxFormatString::Arg_ShortIntPtr;
+        case wxPAT_NLONGINT:
+            return wxFormatString::Arg_LongIntPtr;
+
+        case wxPAT_STAR:
+            // "*" requires argument of type int
+            return wxFormatString::Arg_Int;
+
+        case wxPAT_INVALID:
+            // (handled after the switch statement)
+            break;
     }
+
+    // silence warning
+    wxFAIL_MSG( "unexpected argument type" );
+    return wxFormatString::Arg_Unknown;
 }
 
 } // anonymous namespace
@@ -670,5 +725,5 @@ wxFormatString::ArgumentType wxFormatString::GetArgumentType(unsigned n) const
         return DoGetArgumentType(m_cstr->AsInternal(), n);
 
     wxFAIL_MSG( "unreachable code" );
-    return Arg_Other;
+    return Arg_Unknown;
 }