public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug stdio/13988] New: scanf %f reads too many characters on non-matching "+.e" input
@ 2012-04-18 5:42 bugdal at aerifal dot cx
2013-04-11 8:39 ` [Bug stdio/13988] " schwab@linux-m68k.org
2014-06-25 11:15 ` fweimer at redhat dot com
0 siblings, 2 replies; 3+ messages in thread
From: bugdal at aerifal dot cx @ 2012-04-18 5:42 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=13988
Bug #: 13988
Summary: scanf %f reads too many characters on non-matching
"+.e" input
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: stdio
AssignedTo: unassigned@sourceware.org
ReportedBy: bugdal@aerifal.cx
Classification: Unclassified
I found this bug while investigating bug #12701 (my test cases attached there
will reproduce it), but it seems to be a separate issue. Bug #12701 involves
scanf wrongly accepting non-matching inputs.
Given the input "+.e", scanf (using %f) will correctly reject it as
non-matching, but will leave the file position at an incorrect offset of 3
rather than 2. In other words, it's recognizing that a degenerate floating
point value with no mantissa digits is invalid, but only after trying to parse
all the way to the end of the exponent. This is incorrect per ISO C, which
defines the input item as "the longest sequence of input characters which does
not exceed any specified field width and which is, or is a prefix of, a
matching input sequence".
The correct behavior would be to, upon encountering the "e" which is invalid
after a degenerate mantissa, end the scan and leave the "e" unread in the
stream.
Also, I just realized this error can be enlarged seemingly arbitrarily by
appending a pseudo-exponent. For example, given "+.e" followed by N zeros,
scanf will offset the file position by N+3 instead of by 2, an error of N+1,
and thereby thoroughly consume an integer which could otherwise be read by the
next call to scanf.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug stdio/13988] scanf %f reads too many characters on non-matching "+.e" input
2012-04-18 5:42 [Bug stdio/13988] New: scanf %f reads too many characters on non-matching "+.e" input bugdal at aerifal dot cx
@ 2013-04-11 8:39 ` schwab@linux-m68k.org
2014-06-25 11:15 ` fweimer at redhat dot com
1 sibling, 0 replies; 3+ messages in thread
From: schwab@linux-m68k.org @ 2013-04-11 8:39 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=13988
Andreas Schwab <schwab@linux-m68k.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
Target Milestone|--- |2.18
--- Comment #1 from Andreas Schwab <schwab@linux-m68k.org> 2013-04-11 08:39:26 UTC ---
Fixed by 6ecec3b616aeaf121c68c1053cd17fdcf0cdb5a2
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug stdio/13988] scanf %f reads too many characters on non-matching "+.e" input
2012-04-18 5:42 [Bug stdio/13988] New: scanf %f reads too many characters on non-matching "+.e" input bugdal at aerifal dot cx
2013-04-11 8:39 ` [Bug stdio/13988] " schwab@linux-m68k.org
@ 2014-06-25 11:15 ` fweimer at redhat dot com
1 sibling, 0 replies; 3+ messages in thread
From: fweimer at redhat dot com @ 2014-06-25 11:15 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=13988
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-06-25 11:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-04-18 5:42 [Bug stdio/13988] New: scanf %f reads too many characters on non-matching "+.e" input bugdal at aerifal dot cx
2013-04-11 8:39 ` [Bug stdio/13988] " schwab@linux-m68k.org
2014-06-25 11:15 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).