Do not read over buffer if format is a single #, and do not loop forever

if UTF-8 is unfinished in a format. Reported by Giorgi Kobakhia im GitHub issue 4735.
2025-12-17 00:02:23 -05:00 · 2025-12-04 20:49:57 +00:00 · 2025-12-04 20:49:57 +00:00 · bd16b22dac
commit bd16b22dac
parent 9d6c69ebde
2 changed files with 2 additions and 3 deletions
--- a/format-draw.c
+++ b/format-draw.c
@ -1104,8 +1104,6 @@ format_width(const char *expanded)
 				more = utf8_append(&ud, *cp);
 			if (more == UTF8_DONE)
 				width += ud.width;
-			else
-				cp -= ud.have;
 		} else if (*cp > 0x1f && *cp < 0x7f) {
 			width++;
 			cp++;
--- a/format.c
+++ b/format.c
@ -5541,7 +5541,8 @@ format_expand1(struct format_expand_state *es, const char *fmt)
 			buf[off++] = *fmt++;
 			continue;
 		}
-		fmt++;
+		if (*fmt++ == '\0')
+			break;

 		ch = (u_char)*fmt++;
 		switch (ch) {