public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug stdio/15301] New: scanf family misbehaves on %m when zero characters are read
@ 2013-03-24 17:22 repentinus at fsfe dot org
2013-03-24 17:41 ` [Bug stdio/15301] " repentinus at fsfe dot org
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: repentinus at fsfe dot org @ 2013-03-24 17:22 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15301
Bug #: 15301
Summary: scanf family misbehaves on %m when zero characters are
read
Product: glibc
Version: 2.17
Status: NEW
Severity: normal
Priority: P2
Component: stdio
AssignedTo: unassigned@sourceware.org
ReportedBy: repentinus@fsfe.org
Classification: Unclassified
Demonstration at <http://ideone.com/1l4qWb> (11 lines). After the sscanf call b
should point to otherwise empty null-terminated string (e.g., ""). However, as
can be seen from the example, b becomes a null pointer.
The POSIX specification states: "The %c , %s , and %[ conversion specifiers
shall accept an optional assignment-allocation character 'm' , which shall
cause a memory buffer to be allocated to hold the string converted including a
terminating null character. […] The system shall allocate a buffer as if
malloc() had been called. […] If there is insufficient memory to allocate a
buffer, the function shall set errno to [ENOMEM] and a conversion error shall
result. If the function returns EOF, any memory successfully allocated for
parameters using assignment-allocation character 'm' by this call shall be
freed before the function returns."
<http://pubs.opengroup.org/onlinepubs/9699919799/>
In the example case there is neither insufficient memory nor is EOF returned.
Thus, b should point to "", and should not be null.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
>From glibc-bugs-return-18213-listarch-glibc-bugs=sources.redhat.com@sourceware.org Sun Mar 24 17:35:04 2013
Return-Path: <glibc-bugs-return-18213-listarch-glibc-bugs=sources.redhat.com@sourceware.org>
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 4884 invoked by alias); 24 Mar 2013 17:35:04 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <glibc-bugs.sourceware.org>
List-Subscribe: <mailto:glibc-bugs-subscribe@sourceware.org>
List-Post: <mailto:glibc-bugs@sourceware.org>
List-Help: <mailto:glibc-bugs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 4791 invoked by uid 48); 24 Mar 2013 17:34:56 -0000
From: "repentinus at fsfe dot org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug stdio/15301] scanf family misbehaves on %m when zero characters are read
Date: Sun, 24 Mar 2013 17:35:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: stdio
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: repentinus at fsfe dot org
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields:
Message-ID: <bug-15301-131-Go5Z1l49q6@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-15301-131@http.sourceware.org/bugzilla/>
References: <bug-15301-131@http.sourceware.org/bugzilla/>
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
X-SW-Source: 2013-03/txt/msg00112.txt.bz2
Content-length: 466
http://sourceware.org/bugzilla/show_bug.cgi?id\x15301
--- Comment #1 from Heiki Ojasild <repentinus at fsfe dot org> 2013-03-24 17:34:56 UTC ---
Created attachment 6945
--> http://sourceware.org/bugzilla/attachment.cgi?idi45
Testcase demonstrating the problem (identical to the one on IdeOne)
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug stdio/15301] scanf family misbehaves on %m when zero characters are read
2013-03-24 17:22 [Bug stdio/15301] New: scanf family misbehaves on %m when zero characters are read repentinus at fsfe dot org
@ 2013-03-24 17:41 ` repentinus at fsfe dot org
2013-03-25 1:47 ` repentinus at fsfe dot org
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: repentinus at fsfe dot org @ 2013-03-24 17:41 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15301
Heiki Ojasild <repentinus at fsfe dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |repentinus at fsfe dot org
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug stdio/15301] scanf family misbehaves on %m when zero characters are read
2013-03-24 17:22 [Bug stdio/15301] New: scanf family misbehaves on %m when zero characters are read repentinus at fsfe dot org
2013-03-24 17:41 ` [Bug stdio/15301] " repentinus at fsfe dot org
@ 2013-03-25 1:47 ` repentinus at fsfe dot org
2013-05-09 16:56 ` ondra at iuuk dot mff.cuni.cz
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: repentinus at fsfe dot org @ 2013-03-25 1:47 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15301
--- Comment #2 from Heiki Ojasild <repentinus at fsfe dot org> 2013-03-25 01:47:50 UTC ---
Created attachment 6946
--> http://sourceware.org/bugzilla/attachment.cgi?id=6946
Another test case
It is also possible to adopt the view that since non-empty sequences do not
math %[, "" should not be put into the pointer. However, in that case there is
no reason to alter the value of the pointer, which glibc does as demonstrated
in the attached testcase (also at <http://ideone.com/Vv3Opu>).
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug stdio/15301] scanf family misbehaves on %m when zero characters are read
2013-03-24 17:22 [Bug stdio/15301] New: scanf family misbehaves on %m when zero characters are read repentinus at fsfe dot org
2013-03-24 17:41 ` [Bug stdio/15301] " repentinus at fsfe dot org
2013-03-25 1:47 ` repentinus at fsfe dot org
@ 2013-05-09 16:56 ` ondra at iuuk dot mff.cuni.cz
2013-11-15 20:45 ` bugdal at aerifal dot cx
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: ondra at iuuk dot mff.cuni.cz @ 2013-05-09 16:56 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15301
OndrejBilka <ondra at iuuk dot mff.cuni.cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ondra at iuuk dot
| |mff.cuni.cz
--- Comment #3 from OndrejBilka <ondra at iuuk dot mff.cuni.cz> 2013-05-09 16:56:04 UTC ---
I looked in code and probable cause is that we call realloc(x,0) that returns
NULL.
However relevant code should be refactored before this can be fixed.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug stdio/15301] scanf family misbehaves on %m when zero characters are read
2013-03-24 17:22 [Bug stdio/15301] New: scanf family misbehaves on %m when zero characters are read repentinus at fsfe dot org
` (2 preceding siblings ...)
2013-05-09 16:56 ` ondra at iuuk dot mff.cuni.cz
@ 2013-11-15 20:45 ` bugdal at aerifal dot cx
2013-11-17 8:17 ` neleai at seznam dot cz
2014-06-13 18:40 ` fweimer at redhat dot com
5 siblings, 0 replies; 7+ messages in thread
From: bugdal at aerifal dot cx @ 2013-11-15 20:45 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15301
Rich Felker <bugdal at aerifal dot cx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bugdal at aerifal dot cx
--- Comment #4 from Rich Felker <bugdal at aerifal dot cx> ---
This is not a bug. The conversion specifier results in a matching failure
(because no characters were read). The return value of 0 indicates that nothing
was read into the argument (in particular, no pointer should be assigned when
%m is used).
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug stdio/15301] scanf family misbehaves on %m when zero characters are read
2013-03-24 17:22 [Bug stdio/15301] New: scanf family misbehaves on %m when zero characters are read repentinus at fsfe dot org
` (3 preceding siblings ...)
2013-11-15 20:45 ` bugdal at aerifal dot cx
@ 2013-11-17 8:17 ` neleai at seznam dot cz
2014-06-13 18:40 ` fweimer at redhat dot com
5 siblings, 0 replies; 7+ messages in thread
From: neleai at seznam dot cz @ 2013-11-17 8:17 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15301
Ondrej Bilka <neleai at seznam dot cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |neleai at seznam dot cz
Resolution|--- |INVALID
--- Comment #5 from Ondrej Bilka <neleai at seznam dot cz> ---
As previously said a %m[ matches only nonempty sequence.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug stdio/15301] scanf family misbehaves on %m when zero characters are read
2013-03-24 17:22 [Bug stdio/15301] New: scanf family misbehaves on %m when zero characters are read repentinus at fsfe dot org
` (4 preceding siblings ...)
2013-11-17 8:17 ` neleai at seznam dot cz
@ 2014-06-13 18:40 ` fweimer at redhat dot com
5 siblings, 0 replies; 7+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 18:40 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15301
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2014-06-13 18:40 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-03-24 17:22 [Bug stdio/15301] New: scanf family misbehaves on %m when zero characters are read repentinus at fsfe dot org
2013-03-24 17:41 ` [Bug stdio/15301] " repentinus at fsfe dot org
2013-03-25 1:47 ` repentinus at fsfe dot org
2013-05-09 16:56 ` ondra at iuuk dot mff.cuni.cz
2013-11-15 20:45 ` bugdal at aerifal dot cx
2013-11-17 8:17 ` neleai at seznam dot cz
2014-06-13 18:40 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).