On Mon, Oct 21, 2019 at 12:01:30AM +0200, Luc Van Oostenryck wrote:
> On Wed, Sep 25, 2019 at 11:00:13AM +0100, Ben Dooks wrote:
> > +static void evaluate_format_printf(const char *fmt_string, struct symbol *fn, struct expression_list *head)
> > +{
> > +	struct format_state state = { };
> > +	struct expression *expr;
> > +
> > +	expr = get_expression_n(head, fn->ctype.printf_msg-1);
> > +	if (!expr)
> > +		return;
> > +
> > +	state.expr = expr;
> > +	state.va_start = fn->ctype.printf_va_start;
> > +	state.arg_index = fn->ctype.printf_va_start;
> > +
> > +	if (!fmt_string) {
> > +		warning(expr->pos, "not a format string?");
> > +	} else {
> > +		const char *string = fmt_string;
> > +		int fail = 0;
> > +
> > +		for (; string[0] != '\0'; string++) {
> > +			if (string[0] != '%')
> > +				continue;
> > +			if (parse_format_printf(&string, &state, head) < 0)
> > +				fail++;
> > +			string--;
>
> This last statement is wrong, it just needs to be removed.

It's more subtle than that: the string++ should only be done
when stripping the chars before the '%'. Thus the loop should
be something like:

	while (string[0]) {
		if (string[0] != '%') {	// strip everything before '%'
			string++;
			continue;
		}
		if (parse_format_printf(&string, &state, head) < 0)
			fail++;
	}

-- Luc
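Review bot: the `string--` after `parse_format_printf(&string, &state, head)` only balances the `string++` in the `for` header when `parse_format_printf` has already advanced `string` past the directive; if it returns < 0 without advancing, `string--` steps back to the byte before the `%` (before the start of `fmt_string` when the format begins with `%`) and the header's `string++` lands on the same `%` again, so the loop never terminates. Drop the `string--`, do the `string++` only in the `string[0] != '%'` branch, and make sure `parse_format_printf` moves `string` forward on its failure path as well, otherwise the rewritten `while` loop has the same problem. Minor: `fn->ctype.printf_msg-1` wants spaces around the `-`.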
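The loop shape Luc proposes only terminates if the directive parser advances the pointer on every path, including the failure path. The following is an added, stand-alone illustration of that contract; it is not code from the patch or from sparse. `parse_directive`, `scan_format`, the simplified `struct format_state` with `directives`/`fail` counters, and the sample format strings are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in (assumption) for the patch's struct format_state. */
struct format_state {
	int directives;		/* conversions parsed successfully */
	int fail;		/* conversions rejected by the parser */
};

/*
 * Toy stand-in for parse_format_printf(): *pstr points at a '%'.  Consume
 * flags, width, precision, length modifier and the conversion character,
 * advance *pstr past them, and return 0 on success or -1 on an unknown
 * conversion.  The scanning loop depends on *pstr moving forward on BOTH
 * paths; without that, a failed directive would be rescanned forever.
 */
static int parse_directive(const char **pstr, struct format_state *state)
{
	const char *s = *pstr + 1;		/* skip the '%' itself */

	if (*s == '%') {			/* "%%": literal percent sign */
		*pstr = s + 1;
		return 0;
	}
	while (*s && strchr("-+ #0", *s))	/* flags */
		s++;
	while (*s == '*' || (*s >= '0' && *s <= '9'))	/* width */
		s++;
	if (*s == '.') {			/* precision */
		s++;
		while (*s == '*' || (*s >= '0' && *s <= '9'))
			s++;
	}
	while (*s && strchr("hlLqjzt", *s))	/* length modifier */
		s++;
	if (*s && strchr("diouxXeEfFgGaAcsp", *s)) {
		*pstr = s + 1;
		state->directives++;
		return 0;
	}
	/* Unknown conversion or end of string: still step past what was
	 * consumed so the caller's loop makes progress. */
	*pstr = *s ? s + 1 : s;
	return -1;
}

/* The corrected loop: only the non-'%' branch advances the cursor itself. */
static int scan_format(const char *fmt, struct format_state *state)
{
	const char *string = fmt;

	memset(state, 0, sizeof(*state));
	while (string[0]) {
		if (string[0] != '%') {		/* strip everything before '%' */
			string++;
			continue;
		}
		if (parse_directive(&string, state) < 0)
			state->fail++;
	}
	return state->fail;
}

int main(void)
{
	/* Constructed sample format strings (not from the patch). */
	static const char *samples[] = {
		"%d items at %5.2f%% of %s\n",
		"%-#08lx and %*.*s",
		"%q is not a conversion",
		"trailing percent %",
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		struct format_state st;

		scan_format(samples[i], &st);
		printf("%-32s directives=%d fail=%d\n",
		       samples[i], st.directives, st.fail);
	}
	return 0;
}
```

The last two samples are the cases that matter for the loop under review: an unknown conversion and a bare `%` at the end of the string. Both are rejected, and both still terminate because `parse_directive` moves the cursor forward before returning -1.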