From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yb1-xb2e.google.com (mail-yb1-xb2e.google.com [IPv6:2607:f8b0:4864:20::b2e]) by sourceware.org (Postfix) with ESMTPS id BE43438582B8 for ; Tue, 5 Jul 2022 07:32:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org BE43438582B8 Received: by mail-yb1-xb2e.google.com with SMTP id b85so7112216yba.8 for ; Tue, 05 Jul 2022 00:32:07 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=+R0RdbwiX1XkhADM7G/COVmWYCEe0WQWPF26IX/Loa8=; b=obzhbi9kkJa3lHzcQPi5olvMd+/uq7FLavq47cNMY6Ets0PVtVURkX5NFbjRxxZ+Ar doKz41oJTqP1K/DfsRTTlA10cq2y+8Xp2PYScB1HY1rT5Ha5HK0QnnWGWWK+Xa0ZIuuB DbkrrFslmAqw3vtsvHZ1nJxK7Mar53eTC6hKWXCS6ztOhRgB6LJ9xuogGpgpq9Dhj/Xe Y6X+ekH5c8sFMuI+cFSCDWrIzHzlOQEi57eNzhkidS5OLTcgZvn56kPweMhYgoVH98Xv e/B9wPwNSQWjXUkcI1obtIF7UOraEQc9xyNgGFNGuzh8GdmSyF7cswGcAtCCFpLdkX04 aglw== X-Gm-Message-State: AJIora/G1EpnvA23ThAYJuZzq+7AmeB7cLDoegwyRd5lQNOj0RpbmeQI CYARJ8oZLayUKbdDu0swbWcTyjmlBZOUo97hk9eUV/qg X-Google-Smtp-Source: AGRyM1s5WU4bwJWvJZCiLzFkeGjmbhHnhjJNQKzPpN+BEuTylGRzuE9irs+EJNwyaZihs4JFat5MPZI80XNpj8sHXRA= X-Received: by 2002:a25:907:0:b0:66e:3f14:c463 with SMTP id 7-20020a250907000000b0066e3f14c463mr11878644ybj.243.1657006326991; Tue, 05 Jul 2022 00:32:06 -0700 (PDT) MIME-Version: 1.0 From: Yair Lenga Date: Tue, 5 Jul 2022 10:31:56 +0300 Message-ID: Subject: Buffer size checking for scanf* functions To: libc-help@sourceware.org X-Spam-Status: No, score=0.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: libc-help@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-help mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Jul 2022 07:32:12 -0000 Hi, Looking for feedback on the following age-old scanf problem: I'm trying to perform a "safe' scanf, which will avoid buffer overflow. #define XSIZE 30 char x[XSIZE] ; sscanf(input, "%29s", x) ; With the common pitfall that anytime the size of X is changed, the format string MUST to be modified. One common approach, with glibc, is to use the 'm' modifier, switch x to char **x. However, this require code changes, and is not practical with my existing code base. My question: is there any extension to allow scanf to take an extra argument (similar to the scanf_s proposal) - specifying the sizeof any string arguments ? sscanf(input, "%S", x, sizeof(x)) ; // The 'S' require adding sizeof parameter ? If there is no such extension - how hard it will be to implement. I know possible to define custom conversions for printf, I could not find anything for scanf. IF this will be built into 'glibc', there IF it will be embedded into the gcc format checks (2 big IFs), it can reduce the problems I (and I believe many other developers) face when using those functions. Yair