php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68274 vsprintf miscounts argument count
Submitted: 2014-10-21 13:55 UTC Modified: 2014-10-21 19:25 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: eep at mailinator dot com Assigned:
Status: Not a bug Package: Unknown/Other Function
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: eep at mailinator dot com
New email:
PHP Version: OS:

 

 [2014-10-21 13:55 UTC] eep at mailinator dot com 
Description:
------------
vsprintf() doesn't validate formatting strings, seems to only count percent signs (followed by pretty much anything). For example, '%)' expects one parameter.

Test script:
---------------
<?php

vsprintf('(foo %) bar');

Actual result:
--------------
Warning: Wrong parameter count for vsprintf() in /vsprintf.php on line 2

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-10-21 14:34 UTC] eep at mailinator dot com
-: viagra dot salesman at gmail dot com +: eep at mailinator dot com
 [2014-10-21 14:34 UTC] eep at mailinator dot com 
I just realized the provided test script is bad, since second parameter is not optional.

However, even with some parameters, the argument count is still counted wrong.

printf('%s (foo %) bar', 'test');

..produces the same warning.
 [2014-10-21 17:11 UTC] php at mcq8 dot be 
As described in the docs (http://be2.php.net/manual/en/function.sprintf.php), you need to use %% to have the literal percent character.
 [2014-10-21 19:25 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2014-10-21 19:25 UTC] requinix@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Apr 28 10:01:30 2024 UTC