From e9482bfa268e1a74f7e836c40c6c18165983beb0 Mon Sep 17 00:00:00 2001 From: SheetJS Date: Tue, 31 Dec 2013 11:38:31 -0500 Subject: [PATCH] version bump 0.4.1: terminating infinite loop Infinite loop caused by invalid format string without proper end check. It was introduced :) --- package.json | 2 +- ssf.js | 2 +- ssf.md | 9 ++++++--- ssf_node.js | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 9fdd20b..c9a722f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ssf", - "version": "0.4.0", + "version": "0.4.1", "author": "SheetJS", "description": "pure-JS library to format data using ECMA-376 spreadsheet Format Codes", "keywords": [ "format", "sprintf", "spreadsheet" ], diff --git a/ssf.js b/ssf.js index 9318276..5c8d622 100644 --- a/ssf.js +++ b/ssf.js @@ -257,7 +257,7 @@ function eval_fmt(fmt, v, opts, flen) { while(i < fmt.length) { switch((c = fmt[i])) { case '"': /* Literal text */ - for(o="";fmt[++i] !== '"';) o += fmt[i]; + for(o="";fmt[++i] !== '"' && i < fmt.length;) o += fmt[i]; out.push({t:'t', v:o}); ++i; break; case '\\': var w = fmt[++i], t = "()".indexOf(w) === -1 ? 't' : w; out.push({t:t, v:w}); ++i; break; diff --git a/ssf.md b/ssf.md index bc654da..7d1b43e 100644 --- a/ssf.md +++ b/ssf.md @@ -426,11 +426,14 @@ function eval_fmt(fmt, v, opts, flen) { ``` Text between double-quotes are treated literally, and individual characters are -literal if they are preceded by a slash: +literal if they are preceded by a slash. + +The additional `i < fmt.length` guard was added due to potentially unterminated +strings generated by LO: ``` case '"': /* Literal text */ - for(o="";fmt[++i] !== '"';) o += fmt[i]; + for(o="";fmt[++i] !== '"' && i < fmt.length;) o += fmt[i]; out.push({t:'t', v:o}); ++i; break; case '\\': var w = fmt[++i], t = "()".indexOf(w) === -1 ? 't' : w; out.push({t:t, v:w}); ++i; break; @@ -805,7 +808,7 @@ test: ```json>package.json { "name": "ssf", - "version": "0.4.0", + "version": "0.4.1", "author": "SheetJS", "description": "pure-JS library to format data using ECMA-376 spreadsheet Format Codes", "keywords": [ "format", "sprintf", "spreadsheet" ], diff --git a/ssf_node.js b/ssf_node.js index 0c39d99..1d2b95a 100644 --- a/ssf_node.js +++ b/ssf_node.js @@ -257,7 +257,7 @@ function eval_fmt(fmt, v, opts, flen) { while(i < fmt.length) { switch((c = fmt[i])) { case '"': /* Literal text */ - for(o="";fmt[++i] !== '"';) o += fmt[i]; + for(o="";fmt[++i] !== '"' && i < fmt.length;) o += fmt[i]; out.push({t:'t', v:o}); ++i; break; case '\\': var w = fmt[++i], t = "()".indexOf(w) === -1 ? 't' : w; out.push({t:t, v:w}); ++i; break;