printf: Format String Parsing Overflow Causes Panic

Author: sylvestre

src/uucore/src/lib/features/format/spec.rs

@@ -595,14 +595,19 @@ fn eat_number(rest: &mut &[u8], index: &mut usize) -> Option<usize> {
     match rest[*index..].iter().position(|b| !b.is_ascii_digit()) {
         None | Some(0) => None,
         Some(i) => {
-            // TODO: This might need to handle errors better
-            // For example in case of overflow.
-            let parsed = std::str::from_utf8(&rest[*index..(*index + i)])
-                .unwrap()
-                .parse()
-                .unwrap();
-            *index += i;
-            Some(parsed)
+            // Handle large numbers that would cause overflow
+            let num_str = std::str::from_utf8(&rest[*index..(*index + i)]).unwrap();
+            match num_str.parse::<usize>() {
+                Ok(parsed) => {
+                    *index += i;
+                    Some(parsed)
+                }
+                Err(_) => {
+                    // For overflow or other parse errors, use usize::MAX as a reasonable limit
+                    *index += i;
+                    Some(usize::MAX)
+                }
+            }
         }
     }
 }

tests/by-util/test_printf.rs

@@ -1482,3 +1482,13 @@ fn test_large_width_format() {
             .stdout_is("");
     }
 }
+
+#[test]
+fn test_extreme_field_width_overflow() {
+    // Test the specific case that was causing panic due to integer overflow
+    // in the field width parsing.
+    new_ucmd!()
+        .args(&["%999999999999999999999999d", "1"])
+        .fails_with_code(1)
+        .stderr_only("printf: write error\n");
+}