tal/str: fix infinite loop of tal_fmt() with empty string.

[ccan] / ccan / tal / str / str.c

diff --git a/ccan/tal/str/str.c b/ccan/tal/str/str.c
index 237652f738fc2217b5f0e9eeb117f299b2a484b0..7adb9ef5aefbf990067a1dc80569dbba6f679587 100644 (file)
--- a/ccan/tal/str/str.c
+++ b/ccan/tal/str/str.c
@@ -26,11 +26,9 @@ char *tal_strndup(const tal_t *ctx, const char *p, size_t n)
        char *ret;
 
        /* We have to let through NULL for take(). */
-       if (likely(p)) {
-               len = strlen(p);
-               if (len > n)
-                       len = n;
-       } else
+       if (likely(p))
+               len = strnlen(p, n);
+       else
                len = n;
 
        ret = tal_dup_(ctx, p, 1, len, 1, false, TAL_LABEL(char, "[]"));
@@ -54,7 +52,7 @@ char *tal_fmt(const tal_t *ctx, const char *fmt, ...)
 static bool do_vfmt(char **buf, size_t off, const char *fmt, va_list ap)
 {
        /* A decent guess to start. */
-       size_t max = strlen(fmt) * 2;
+       size_t max = strlen(fmt) * 2 + 1;
        bool ok;
 
        for (;;) {
@@ -236,9 +234,31 @@ fail:
        goto out;
 }
 
+static size_t count_open_braces(const char *string)
+{
+#if 1
+       size_t num = 0, esc = 0;
+
+       while (*string) {
+               if (*string == '\\')
+                       esc++;
+               else {
+                       /* An odd number of \ means it's escaped. */
+                       if (*string == '(' && (esc & 1) == 0)
+                               num++;
+                       esc = 0;
+               }
+               string++;
+       }
+       return num;
+#else
+       return strcount(string, "(");
+#endif
+}
+
 bool tal_strreg(const tal_t *ctx, const char *string, const char *regex, ...)
 {
-       size_t nmatch = 1 + strcount(regex, "(");
+       size_t nmatch = 1 + count_open_braces(regex);
        regmatch_t matches[nmatch];
        regex_t r;
        bool ret = false;