Impose upper limit on memory allocation in wxString::PrintfV()

Don't loop indefinitely until we run out of memory, possibly after wrapping around INT_MAX, but impose an arbitrary limit of 128MiB for the max allocation done by wxString::PrintfV() when the provided format string or one of the arguments are invalid. This notably fixes a crash when trying to use "%c" to output an invalid Unicode character. Also improve comment explaining DoStringPrintfV() logic and change the size type to size_t from int. Co-Authored-By: Arrigo Marchiori <ardovm@yahoo.it>
2020-11-30 22:11:54 +01:00
parent 8fb4ab99f1
commit 344cc940a0
2 changed files with 70 additions and 50 deletions
--- a/tests/strings/vararg.cpp
+++ b/tests/strings/vararg.cpp
@@ -274,3 +274,29 @@ TEST_CASE("VeryLongArg", "[wxString][Format][vararg]")
    REQUIRE( s.length() == LENGTH );
    CHECK( s == veryLongString );
 }
+
+namespace
+{
+
+// Helpers for the "PrintfError" test: we must pass by these functions
+// because specifying "%c" directly inline would convert it to "%lc" and avoid
+// the error.
+wxString CallPrintfV(const char* format, ...)
+{
+    va_list ap;
+    va_start(ap, format);
+    wxString s;
+    s.PrintfV(wxString::FromAscii(format), ap);
+    va_end(ap);
+    return s;
+}
+
+} // anonymous namespace
+
+TEST_CASE("PrintfError", "[wxString][Format][vararg][error]")
+{
+    // Check that using invalid argument doesn't keep doubling the buffer until
+    // we run out of memory and die.
+    const int invalidChar = 0x1780;
+    REQUIRE_NOTHROW( CallPrintfV("%c", invalidChar) );
+}