From bd16b22daca9dba1f6aec63ff2b8fc63b849ef95 Mon Sep 17 00:00:00 2001
From: nicm
Date: Thu, 4 Dec 2025 20:49:57 +0000
Subject: [PATCH] Do not read over buffer if format is a single #, and do not loop forever if UTF-8 is unfinished in a format. Reported by Giorgi Kobakhia im GitHub issue 4735.
---
 format-draw.c | 2 --
 format.c | 3 ++-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/format-draw.c b/format-draw.c
index efc6ab1a..c8cb74b6 100644
--- a/format-draw.c
+++ b/format-draw.c
@@ -1104,8 +1104,6 @@ format_width(const char *expanded)
 more = utf8_append(&ud, *cp);
 if (more == UTF8_DONE)
 width += ud.width;
- else
- cp -= ud.have;
 } else if (*cp > 0x1f && *cp < 0x7f) {
 width++;
 cp++;
diff --git a/format.c b/format.c
index b5272422..afcf7535 100644
--- a/format.c
+++ b/format.c
@@ -5541,7 +5541,8 @@ format_expand1(struct format_expand_state *es, const char *fmt)
 buf[off++] = *fmt++;
 continue;
 }
- fmt++;
+ if (*fmt++ == '\0')
+ break;
 ch = (u_char)*fmt++;
 switch (ch) {
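Review bot: In format_width, the branch that remains after the `else` is removed does not say why an unfinished or invalid sequence is not rewound, so a later cleanup could put `cp -= ud.have` back and bring the hang with it. A short comment after the `if (more == UTF8_DONE)` test would pin the intent, for example `/* Unfinished or invalid UTF-8: leave cp where the scan stopped; rewinding reopens the same lead byte forever. */`. The bytes consumed by a failed sequence now add nothing to the width, which presumably matches what the drawing code does with them, but that is not visible here and is worth confirming. The loop that advances cp starts above the hunk, and if other scanners in this file use the same rewind they are not touched by this commit.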
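Review bot: The new guard `if (*fmt++ == '\0')` in format_expand1 tests the byte fmt points at before the increment, and at this point that byte appears to be the `#` itself (the branch closing just above looks like the non-`#` case, though its condition is outside the hunk), so the test can never be true. If so, `ch = (u_char)*fmt++;` still reads the terminator of a format ending in `#` and leaves fmt one past it, which is the over-read the commit sets out to stop. Checking the byte after the `#` would close it: `fmt++;` followed by `if (*fmt == '\0') break;`. Whether the lone `#` should then be copied to buf before leaving the loop is a behaviour choice the visible lines do not settle. A regression case with a format that is exactly `#`, run under AddressSanitizer, would show whether the guard fires.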