public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed
* [glibc] stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)
@ 2021-05-03 8:56 Florian Weimer
0 siblings, 0 replies; only message in thread
From: Florian Weimer @ 2021-05-03 8:56 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b03e4d7bd25b1ac485f858f0a857ba6085e8c9b0
commit b03e4d7bd25b1ac485f858f0a857ba6085e8c9b0
Author: Alyssa Ross <hi@alyssa.is>
Date: Mon May 3 10:34:11 2021 +0200
stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)
Patterns like %*[ can safely be used to match a great many characters,
and it's quite realisitic to use them for more than INT_MAX characters
from an IO stream.
With the previous approach, after INT_MAX characters (v)fscanf would
return successfully, indicating an end to the match, even though there
wasn't one.
Diff:
---
stdio-common/vfscanf-internal.c | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/stdio-common/vfscanf-internal.c b/stdio-common/vfscanf-internal.c
index 38e74776a5..1d81e16f4e 100644
--- a/stdio-common/vfscanf-internal.c
+++ b/stdio-common/vfscanf-internal.c
@@ -2479,11 +2479,6 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
else
not_in = 0;
- if (width < 0)
- /* There is no width given so there is also no limit on the
- number of characters we read. Therefore we set width to
- a very high value to make the algorithm easier. */
- width = INT_MAX;
#ifdef COMPILE_WSCANF
/* Find the beginning and the end of the scanlist. We are not
@@ -2647,7 +2642,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
}
}
}
- while (--width > 0 && inchar () != WEOF);
+ while ((width < 0 || --width > 0) && inchar () != WEOF);
out:
#else
char buf[MB_LEN_MAX];
@@ -2732,7 +2727,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
}
}
- if (--width <= 0)
+ if (width >= 0 && --width <= 0)
break;
}
while (inchar () != EOF);
@@ -2884,7 +2879,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
assert (n <= MB_LEN_MAX);
str += n;
}
- while (--width > 0 && inchar () != WEOF);
+ while ((width < 0 || --width > 0) && inchar () != WEOF);
out2:
#else
do
@@ -2938,7 +2933,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
}
}
}
- while (--width > 0 && inchar () != EOF);
+ while ((width < 0 || --width > 0) && inchar () != EOF);
#endif
if (__glibc_unlikely (now == read_in))
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-05-03 8:56 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-03 8:56 [glibc] stdio: fix vfscanf with matches longer than INT_MAX (bug 27650) Florian Weimer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).