diff options
author | Alyssa Ross <hi@alyssa.is> | 2021-05-03 10:34:11 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2021-05-03 10:34:11 +0200 |
commit | b03e4d7bd25b1ac485f858f0a857ba6085e8c9b0 (patch) | |
tree | b525ecb1617634a5bdb0134238268012a8a8ca52 /stdio-common | |
parent | c2fd60a5861efef48252f5cc7efc70e1d8a0da9a (diff) | |
download | glibc-b03e4d7bd25b1ac485f858f0a857ba6085e8c9b0.zip glibc-b03e4d7bd25b1ac485f858f0a857ba6085e8c9b0.tar.gz glibc-b03e4d7bd25b1ac485f858f0a857ba6085e8c9b0.tar.bz2 |
stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)
Patterns like %*[ can safely be used to match a great many characters,
and it's quite realisitic to use them for more than INT_MAX characters
from an IO stream.
With the previous approach, after INT_MAX characters (v)fscanf would
return successfully, indicating an end to the match, even though there
wasn't one.
Diffstat (limited to 'stdio-common')
-rw-r--r-- | stdio-common/vfscanf-internal.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/stdio-common/vfscanf-internal.c b/stdio-common/vfscanf-internal.c index 38e7477..1d81e16 100644 --- a/stdio-common/vfscanf-internal.c +++ b/stdio-common/vfscanf-internal.c @@ -2479,11 +2479,6 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, else not_in = 0; - if (width < 0) - /* There is no width given so there is also no limit on the - number of characters we read. Therefore we set width to - a very high value to make the algorithm easier. */ - width = INT_MAX; #ifdef COMPILE_WSCANF /* Find the beginning and the end of the scanlist. We are not @@ -2647,7 +2642,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, } } } - while (--width > 0 && inchar () != WEOF); + while ((width < 0 || --width > 0) && inchar () != WEOF); out: #else char buf[MB_LEN_MAX]; @@ -2732,7 +2727,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, } } - if (--width <= 0) + if (width >= 0 && --width <= 0) break; } while (inchar () != EOF); @@ -2884,7 +2879,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, assert (n <= MB_LEN_MAX); str += n; } - while (--width > 0 && inchar () != WEOF); + while ((width < 0 || --width > 0) && inchar () != WEOF); out2: #else do @@ -2938,7 +2933,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, } } } - while (--width > 0 && inchar () != EOF); + while ((width < 0 || --width > 0) && inchar () != EOF); #endif if (__glibc_unlikely (now == read_in)) |