From 325642ee061edab0d3aaccb71b9623b2e8e654ab Mon Sep 17 00:00:00 2001
From: "Fabrizio (Misto) Milo" <mistobaan@gmail.com>
Date: Sun, 3 May 2015 14:22:33 -0700
Subject: [PATCH] fmt: prevent panic from %.[]

Fixes #10675

Change-Id: Ia057427ce3e81d35f1ba6c354868a0ad6cc9abf2
Reviewed-on: https://go-review.googlesource.com/9636
Reviewed-by: Rob Pike <r@golang.org>
---
 src/fmt/fmt_test.go | 1 +
 src/fmt/print.go    | 9 +++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/fmt/fmt_test.go b/src/fmt/fmt_test.go
index 90112bb2a3..ab3ffaea6e 100644
--- a/src/fmt/fmt_test.go
+++ b/src/fmt/fmt_test.go
@@ -822,6 +822,7 @@ var reorderTests = []struct {
 	{"%d %d %d %#[1]o %#o %#o %#o", SE{11, 12, 13}, "11 12 13 013 014 015 %!o(MISSING)"},
 	{"%[5]d %[2]d %d", SE{1, 2, 3}, "%!d(BADINDEX) 2 3"},
 	{"%d %[3]d %d", SE{1, 2}, "1 %!d(BADINDEX) 2"}, // Erroneous index does not affect sequence.
+	{"%.[]", SE{}, "%!](BADINDEX)"},                // Issue 10675
 }
 
 func TestReorder(t *testing.T) {
diff --git a/src/fmt/print.go b/src/fmt/print.go
index 1d8db0aac4..d07835da49 100644
--- a/src/fmt/print.go
+++ b/src/fmt/print.go
@@ -1036,6 +1036,11 @@ func intFromArg(a []interface{}, argNum int) (num int, isInt bool, newArgNum int
 // up to the closing paren, if present, and whether the number parsed
 // ok. The bytes to consume will be 1 if no closing paren is present.
 func parseArgNumber(format string) (index int, wid int, ok bool) {
+	// There must be at least 3 bytes: [n].
+	if len(format) < 3 {
+		return 0, 1, false
+	}
+
 	// Find closing bracket.
 	for i := 1; i < len(format); i++ {
 		if format[i] == ']' {
@@ -1062,7 +1067,7 @@ func (p *pp) argNumber(argNum int, format string, i int, numArgs int) (newArgNum
 		return index, i + wid, true
 	}
 	p.goodArgNum = false
-	return argNum, i + wid, true
+	return argNum, i + wid, ok
 }
 
 func (p *pp) doPrintf(format string, a []interface{}) {
@@ -1132,7 +1137,7 @@ func (p *pp) doPrintf(format string, a []interface{}) {
 				p.goodArgNum = false
 			}
 			argNum, i, afterIndex = p.argNumber(argNum, format, i, len(a))
-			if format[i] == '*' {
+			if i < end && format[i] == '*' {
 				i++
 				p.fmt.prec, p.fmt.precPresent, argNum = intFromArg(a, argNum)
 				if !p.fmt.precPresent {
-- 
2.48.1