From 70eeff67e410739670ea8caf39ea060e96baaa33 Mon Sep 17 00:00:00 2001
From: Philip Top
Date: Wed, 1 Jan 2025 08:54:14 -0800
Subject: [PATCH] fix a fuzzing issue from a string as a bracket
---
 include/CLI/impl/Option_inl.hpp | 23 +++++++++++++++++++++++
 tests/FuzzFailTest.cpp | 4 ++--
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/include/CLI/impl/Option_inl.hpp b/include/CLI/impl/Option_inl.hpp
index b94453f94..96334c3f4 100644
--- a/include/CLI/impl/Option_inl.hpp
+++ b/include/CLI/impl/Option_inl.hpp
@@ -664,6 +664,29 @@ CLI11_INLINE int Option::_add_result(std::string &&result, std::vector 1) && !result.empty() && result.front() == '[' && result.back() == ']') { // this is now a vector string likely from the default or user entry
+ if (result.size() >= 4 && result[1] == '[' && (*(result.end() - 2) == ']'))
+ {
+ //this is an escape clause for odd strings
+ std::string nstrs{ '[' };
+ bool duplicated{ true };
+ for (int ii = 2; ii < result.size() - 2; ii+=2)
+ {
+ if (result[ii] == result[ii + 1])
+ {
+ nstrs.push_back(result[ii]);
+ }
+ else {
+ duplicated=false;
+ break;
+ }
+ }
+ if (duplicated)
+ {
+ res.push_back(std::move(nstrs));
+ ++result_count;
+ return result_count;
+ }
+ }
 result.pop_back();
 result.erase(result.begin());
 bool skipSection{false};
diff --git a/tests/FuzzFailTest.cpp b/tests/FuzzFailTest.cpp
index 852d9c6a6..e4497224f 100644
--- a/tests/FuzzFailTest.cpp
+++ b/tests/FuzzFailTest.cpp
@@ -267,10 +267,10 @@ TEST_CASE("app_roundtrip_custom") {
 CLI::FuzzApp fuzzdata2;
 auto app = fuzzdata.generateApp();
 auto app2 = fuzzdata2.generateApp();
- int index = GENERATE(range(1, 3));
+ int index = GENERATE(range(1, 4));
 std::string optionString, flagString;
 auto parseData = loadFailureFile("round_trip_custom", index);
- std::size_t pstring_start{0};
+ std::size_t pstring_start{0};
 pstring_start = fuzzdata.add_custom_options(app.get(), parseData);
 if(pstring_start > 0) {
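Review bot: The loop counter in the added escape clause of `Option::_add_result` is a signed `int` compared against the unsigned `result.size() - 2`, which mixes signedness on a path fed by arbitrary (fuzzed) input and could in principle overflow on a very long argument; `for (std::size_t ii = 2; ii < result.size() - 2; ii += 2)` removes both concerns. The indexing itself stays in bounds, since `ii + 1` never exceeds `result.size() - 2`, but when the interior has odd length the last interior character is compared with the first closing `]` instead of a partner, which deserves a comment or an explicit even-length check. `nstrs` is seeded with `'['` and never receives a closing bracket, so an input such as `[[aabb]]` appears to be stored as `[ab`; if a bracketed literal is intended, `nstrs.push_back(']');` before `res.push_back(std::move(nstrs));` looks missing. The comment `//this is an escape clause for odd strings` could state the rule itself, for example `// "[[" ... "]]" with every interior character doubled is an escaped literal string, stored as a single result`. The function body starts and continues outside this hunk.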