public inbox for glibc-cvs@sourceware.org
* [glibc] stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)
@ 2021-05-03  8:56 Florian Weimer
From: Florian Weimer @ 2021-05-03  8:56 UTC
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b03e4d7bd25b1ac485f858f0a857ba6085e8c9b0

commit b03e4d7bd25b1ac485f858f0a857ba6085e8c9b0
Author: Alyssa Ross <hi@alyssa.is>
Date:   Mon May 3 10:34:11 2021 +0200

    stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)
    
    Patterns like %*[ can safely be used to match a great many characters,
    and it's quite realistic to use them for more than INT_MAX characters
    from an IO stream.
    
    With the previous approach, after INT_MAX characters (v)fscanf would
    return successfully, indicating an end to the match, even though there
    wasn't one.

Diff:
---
 stdio-common/vfscanf-internal.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/stdio-common/vfscanf-internal.c b/stdio-common/vfscanf-internal.c
index 38e74776a5..1d81e16f4e 100644
--- a/stdio-common/vfscanf-internal.c
+++ b/stdio-common/vfscanf-internal.c
@@ -2479,11 +2479,6 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
 	  else
 	    not_in = 0;
 
-	  if (width < 0)
-	    /* There is no width given so there is also no limit on the
-	       number of characters we read.  Therefore we set width to
-	       a very high value to make the algorithm easier.  */
-	    width = INT_MAX;
 
 #ifdef COMPILE_WSCANF
 	  /* Find the beginning and the end of the scanlist.  We are not
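Review bot: the comment deleted with `if (width < 0)` was the only place that explained how an unspecified width is handled, and after this hunk a negative `width` silently becomes the "no limit" sentinel for the rest of the scanset conversion. A short comment here stating that `width < 0` means unbounded would help whoever next touches the loops below that test `width`. The removal also leaves two consecutive blank lines before `#ifdef COMPILE_WSCANF`; drop one.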
@@ -2647,7 +2642,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
 			}
 		    }
 		}
-	      while (--width > 0 && inchar () != WEOF);
+	      while ((width < 0 || --width > 0) && inchar () != WEOF);
 	    out:
 #else
 	      char buf[MB_LEN_MAX];
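Review bot: in `while ((width < 0 || --width > 0) && inchar () != WEOF);` correctness depends on `||` short-circuiting so that a negative `width` is never decremented. That is right, but it is subtle enough to deserve a one-line comment. The same condition is repeated in the later loops of this patch, so a small helper macro would keep the copies from drifting apart.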
@@ -2732,7 +2727,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
 			}
 		    }
 
-		  if (--width <= 0)
+		  if (width >= 0 && --width <= 0)
 		    break;
 		}
 	      while (inchar () != EOF);
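Review bot: `if (width >= 0 && --width <= 0)` spells the unlimited check the opposite way round from the `width < 0 || --width > 0` form used in the loop conditions elsewhere in this patch. The logic is equivalent for the break, but using one shape for all the checks, or a shared helper, would make it easier to confirm that every site treats a negative `width` the same way.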
@@ -2884,7 +2879,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
 		  assert (n <= MB_LEN_MAX);
 		  str += n;
 		}
-	      while (--width > 0 && inchar () != WEOF);
+	      while ((width < 0 || --width > 0) && inchar () != WEOF);
 	    out2:
 #else
 	      do
@@ -2938,7 +2933,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
 			}
 		    }
 		}
-	      while (--width > 0 && inchar () != EOF);
+	      while ((width < 0 || --width > 0) && inchar () != EOF);
 #endif
 
 	      if (__glibc_unlikely (now == read_in))
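Review bot: the diffstat lists only stdio-common/vfscanf-internal.c, so the change to `while ((width < 0 || --width > 0) && inchar () != EOF);`, like the other loop changes, lands without a regression test. A test that feeds more than INT_MAX characters through a `%*[` conversion with no width and checks that matching continues past that point would cover the case described in the commit message. If run time is the reason for leaving it out, say so in the commit message.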

