authorAlyssa Ross <hi@alyssa.is>2021-05-03 10:34:11 +0200
committerFlorian Weimer <fweimer@redhat.com>2021-05-03 10:34:11 +0200
commitb03e4d7bd25b1ac485f858f0a857ba6085e8c9b0 (patch)
treeb525ecb1617634a5bdb0134238268012a8a8ca52 /stdio-common
parentc2fd60a5861efef48252f5cc7efc70e1d8a0da9a (diff)
stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)
Patterns like %*[ can safely be used to match a great many characters, and it's quite realistic to use them for more than INT_MAX characters from an IO stream. With the previous approach, after INT_MAX characters (v)fscanf would return successfully, indicating an end to the match, even though there wasn't one.
Diffstat (limited to 'stdio-common')
-rw-r--r--stdio-common/vfscanf-internal.c13
1 files changed, 4 insertions, 9 deletions
diff --git a/stdio-common/vfscanf-internal.c b/stdio-common/vfscanf-internal.c
index 38e7477..1d81e16 100644
--- a/stdio-common/vfscanf-internal.c
+++ b/stdio-common/vfscanf-internal.c
@@ -2479,11 +2479,6 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
else
not_in = 0;
- if (width < 0)
- /* There is no width given so there is also no limit on the
- number of characters we read. Therefore we set width to
- a very high value to make the algorithm easier. */
- width = INT_MAX;
#ifdef COMPILE_WSCANF
/* Find the beginning and the end of the scanlist. We are not
@@ -2647,7 +2642,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
}
}
}
- while (--width > 0 && inchar () != WEOF);
+ while ((width < 0 || --width > 0) && inchar () != WEOF);
out:
#else
char buf[MB_LEN_MAX];
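Review bot: The new condition `(width < 0 || --width > 0)` depends on a negative `width` meaning "no field width given", yet the commit deletes the only visible comment that explained this (the removed `width = INT_MAX` block in the first hunk). I would add a short comment above this `while`, for example `/* width < 0: no field width was given, so the match is unbounded. */`. The same comment fits the identical conditions before `out2:` and before `#endif`, and the `width >= 0 && --width <= 0` guard in the non-wide branch. Because a single match can now exceed INT_MAX characters, it is also worth confirming that the other counters used by this conversion (such as `read_in`, whose declaration is not visible here) are wide enough for that length. `__vfscanf_internal` starts and ends outside the hunk, and the diffstat on this page is limited to stdio-common, so whether a regression test for bug 27650 accompanies the change cannot be seen from here.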
@@ -2732,7 +2727,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
}
}
- if (--width <= 0)
+ if (width >= 0 && --width <= 0)
break;
}
while (inchar () != EOF);
@@ -2884,7 +2879,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
assert (n <= MB_LEN_MAX);
str += n;
}
- while (--width > 0 && inchar () != WEOF);
+ while ((width < 0 || --width > 0) && inchar () != WEOF);
out2:
#else
do
@@ -2938,7 +2933,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
}
}
}
- while (--width > 0 && inchar () != EOF);
+ while ((width < 0 || --width > 0) && inchar () != EOF);
#endif
if (__glibc_unlikely (now == read_in))