Hello GNU m4 Maintainer,

I would like to report a potential security issue in m4 1.4.21.

The issue is in the format builtin path. User-controlled width and
precision values are forwarded into xasprintf in src/format.c:
```c
str = xasprintf (fstart, width, prec, ARG_INT (argc, argv));
```
That eventually reaches lib/xvasprintf.c, where a failure path prints an
error and aborts:
```c
fprintf (stderr, "vasprintf failed! format=\"%s\", errno=%s\n",
         format, errname);
abort ();
```
Passing INT_MIN as a width can trigger an EOVERFLOW path and terminate
the process.

Affected area:
- src/format.c:246-270
- src/format.c:365-367
- lib/xvasprintf.c:97-127

If useful, I can provide a minimal PoC and reproduction output.

If you believe this is a valid security issue, please let me know your
preferred remediation or coordinated disclosure process. If needed, I
can also assist with CVE coordination after triage.
--
Best regards,
Zhihan Zheng
Beijing Institute of Technology
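As an added illustration of the input check the report points at (example code written for this page, not m4's or gnulib's own): user-controlled `*` width and precision values are bounded before they reach the printf family, so INT_MIN (whose negation is undefined and whose magnitude exceeds what an int-sized output length can describe) is rejected instead of being forwarded. The limit MAX_FIELD and the function names are assumptions.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Largest field width or precision we are willing to forward to a '*'
   conversion.  Constructed for this example; m4 has no such constant and
   the right value is a project decision.  */
#define MAX_FIELD 4096

/* Return 1 if a user-controlled '*' width/precision value is acceptable.
   INT_MIN is rejected explicitly: -INT_MIN is undefined behaviour in C,
   and its magnitude (2^31) requests an output longer than an int can
   describe, which is the EOVERFLOW path the report describes.  */
int field_value_ok (int v)
{
  if (v == INT_MIN)
    return 0;
  return (v < 0 ? -v : v) <= MAX_FIELD;
}

/* Format VALUE as "%*.*d" with caller-supplied WIDTH and PREC, validating
   both before they reach the printf family.  Returns a malloc'd string, or
   NULL with errno = EINVAL when a value is rejected (or with errno as left
   by snprintf if formatting itself fails).  snprintf is called twice
   instead of asprintf so the example builds with any C99 library.  */
char *checked_format_int (int width, int prec, int value)
{
  if (!field_value_ok (width) || !field_value_ok (prec))
    {
      errno = EINVAL;
      return NULL;
    }
  int len = snprintf (NULL, 0, "%*.*d", width, prec, value);
  if (len < 0)
    return NULL;
  char *str = malloc ((size_t) len + 1);
  if (str == NULL)
    return NULL;
  snprintf (str, (size_t) len + 1, "%*.*d", width, prec, value);
  return str;
}
```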