string.format's %s and null bytes

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: string.format's %s and null bytes
From: Daurnimator <quae@...>
Date: Tue, 28 Jul 2015 17:11:09 +1000

Using string.format's %s where the argument contains null bytes (\0)
produces odd behaviour:

    > =#string.format("%s", string.rep("a", 1) .. "\0b")
    1
    > =#string.format("%s", string.rep("a", 100) .. "\0b")
    102

Note that I'm returning the length rather than printing, as lua 5.1
doesn't support null bytes in print()
(due to using fputs instead of fwrite)

It's due to this check in lstrlib.c (this one taken from 5.1, but 5.2
and 5.3 are pretty much the same):

          size_t l;
          const char *s = luaL_checklstring(L, arg, &l);
          if (!strchr(form, '.') && l >= 100) {
            /* no precision and string is too long to be formatted;
               keep original string */
            lua_pushvalue(L, arg);
            luaL_addvalue(&b);
            continue;  /* skip the `addsize' at the end */
          }
          else {
            sprintf(buff, form, s);
            break;
          }

You'll notice that only if the string is longer than 100 characters
does the length get used when appending.
In the normal (small string) case, it will result in a call to
`sprintf` which stops at the first \0

Btw, In the current code, I don't think that `form` can ever contain a
'.' when l > 99, so the first predicate can be ignored.

Prev by Date: Re: Proposal: debug.topointer
Next by Date: Re: Proposal: debug.topointer
Previous by thread: Re: Proposal: debug.topointer
Next by thread: From C, finding a Lua function by its name
Index(es):
- Date
- Thread