lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Using string.format's %s where the argument contains null bytes (\0)
produces odd behaviour:

    > =#string.format("%s", string.rep("a", 1) .. "\0b")
    1
    > =#string.format("%s", string.rep("a", 100) .. "\0b")
    102

Note that I'm returning the length rather than printing, as lua 5.1
doesn't support null bytes in print()
(due to using fputs instead of fwrite)

It's due to this check in lstrlib.c (this one taken from 5.1, but 5.2
and 5.3 are pretty much the same):

          size_t l;
          const char *s = luaL_checklstring(L, arg, &l);
          if (!strchr(form, '.') && l >= 100) {
            /* no precision and string is too long to be formatted;
               keep original string */
            lua_pushvalue(L, arg);
            luaL_addvalue(&b);
            continue;  /* skip the `addsize' at the end */
          }
          else {
            sprintf(buff, form, s);
            break;
          }

You'll notice that only if the string is longer than 100 characters
does the length get used when appending.
In the normal (small string) case, it will result in a call to
`sprintf` which stops at the first \0

Btw, In the current code, I don't think that `form` can ever contain a
'.' when l > 99, so the first predicate can be ignored.