Fix interpolation/STRFMT overflow issues (#838)

Widths and fractional widths greater than 255 would overflow a uint8_t and wrap around to smaller values. Total formatted lengths greater than the avilable buffer size would overflow it and potentially corrupt memory. Fixes #830 Closes #831
2025-11-20 10:12:06 +00:00 · 2021-04-17 00:52:55 -04:00
parent 503c3b5364
commit ee5da4468d
9 changed files with 122 additions and 36 deletions
--- a/test/asm/format-truncation.asm
+++ b/test/asm/format-truncation.asm
@@ -0,0 +1,15 @@
+num equ 42
+fix equ 123.0
+str equs "hello"
+
+println "{#0260x:num}"
+println "{#-260x:num}"
+println "{0280.260f:fix}"
+println "{260s:str}"
+println "{-260s:str}"
+
+println "<{#0260x:num}>"
+println "<{#-260x:num}>"
+println "<{0280.260f:fix}>"
+println "<{260s:str}>"
+println "<{-260s:str}>"
--- a/test/asm/format-truncation.err
+++ b/test/asm/format-truncation.err
@@ -0,0 +1,35 @@
+ERROR: format-truncation.asm(5):
+    Formatted numeric value too long
+ERROR: format-truncation.asm(6):
+    Formatted numeric value too long
+ERROR: format-truncation.asm(7):
+    Fractional width 260 too long, limiting to 255
+ERROR: format-truncation.asm(7):
+    Formatted numeric value too long
+ERROR: format-truncation.asm(8):
+    Formatted string value too long
+ERROR: format-truncation.asm(9):
+    Formatted string value too long
+ERROR: format-truncation.asm(11):
+    Formatted numeric value too long
+warning: format-truncation.asm(11): [-Wlong-string]
+    String constant too long
+ERROR: format-truncation.asm(12):
+    Formatted numeric value too long
+warning: format-truncation.asm(12): [-Wlong-string]
+    String constant too long
+ERROR: format-truncation.asm(13):
+    Fractional width 260 too long, limiting to 255
+ERROR: format-truncation.asm(13):
+    Formatted numeric value too long
+warning: format-truncation.asm(13): [-Wlong-string]
+    String constant too long
+ERROR: format-truncation.asm(14):
+    Formatted string value too long
+warning: format-truncation.asm(14): [-Wlong-string]
+    String constant too long
+ERROR: format-truncation.asm(15):
+    Formatted string value too long
+warning: format-truncation.asm(15): [-Wlong-string]
+    String constant too long
+error: Assembly aborted (12 errors)!
--- a/test/asm/format-truncation.out
+++ b/test/asm/format-truncation.out
@@ -0,0 +1,10 @@
+$0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002a
+$2a                                                                                                                                                                                                                                                            
+123.00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+                                                                                                                                                                                                                                                          hello
+hello                                                                                                                                                                                                                                                          
+<$0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002
+<$2a                                                                                                                                                                                                                                                           
+<123.0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+<                                                                                                                                                                                                                                                          hell
+<hello                                                                                                                                                                                                                                                         
--- a/test/asm/interpolation-overflow.asm
+++ b/test/asm/interpolation-overflow.asm
@@ -0,0 +1,4 @@
+; It seems that \1 was the easiest way to notice the memory corruption that
+; resulted from this overflow
+x = 0
+{.99999999f:x}\1
--- a/test/asm/interpolation-overflow.err
+++ b/test/asm/interpolation-overflow.err
@@ -0,0 +1,9 @@
+ERROR: interpolation-overflow.asm(4):
+    Fractional width 99999999 too long, limiting to 255
+ERROR: interpolation-overflow.asm(4):
+    Formatted numeric value too long
+warning: interpolation-overflow.asm(4): [-Wlarge-constant]
+    Precision of fixed-point constant is too large
+while expanding symbol "0.0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+FATAL: interpolation-overflow.asm(4):
+    Macro argument '\1' not defined
--- a/test/asm/interpolation-overflow.out
+++ b/test/asm/interpolation-overflow.out