diff mbox

Use read_int in vfscanf

Message ID 1474595428-20601-1-git-send-email-gftg@linux.vnet.ibm.com
State Committed
Delegated to: Florian Weimer
Headers

Commit Message

Gabriel F T Gomes Sept. 23, 2016, 1:50 a.m. UTC 
  Joseph, while working on your suggestion for strfrom, I noticed that vfscanf
does not use read_int.  Is there a reason for it, or is the following patch OK
for master?

Tested on ppc64le, x86_64.
---8<---
The function read_int, from printf-parse.h, parses an integer from a string
while avoiding overflows.  It is used by other functions, such as vfprintf,
to avoid undefined behavior.

The function vfscanf (_IO_vfwscanf) parses an integer from the format
string, and can use read_int.

2016-09-22  Gabriel F. T. Gomes  <gftg@linux.vnet.ibm.com>

	* stdio-common/vfscanf.c (_IO_vfwscanf): Use read_int to parse
	integer from the format string.
---
 stdio-common/vfscanf.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

Comments

Florian Weimer Oct. 6, 2016, 12:21 p.m. UTC | #1 
On 09/23/2016 03:50 AM, Gabriel F. T. Gomes wrote:

> +	  argpos = read_int ((const UCHAR_T **) &f);

This is a const char * → const unsigned char * cast in the non-wide case 
(and okay), but in the wide case, it goes from const int * to const 
unsigned int *, which is not valid.  This is a pre-existing issue in 
vfprintf.c, so I don't think it should block inclusion of this cleanup.

Florian
Gabriel F T Gomes Oct. 26, 2016, 12:56 p.m. UTC | #2 
On Thu, 6 Oct 2016 14:21:39 +0200
Florian Weimer <fweimer@redhat.com> wrote:

> On 09/23/2016 03:50 AM, Gabriel F. T. Gomes wrote:
> 
> > +	  argpos = read_int ((const UCHAR_T **) &f);  
> 
> This is a const char * → const unsigned char * cast in the non-wide case 
> (and okay), but in the wide case, it goes from const int * to const 
> unsigned int *, which is not valid.  This is a pre-existing issue in 
> vfprintf.c, so I don't think it should block inclusion of this cleanup.

Thanks.  Pushed as 726d48ec.
diff mbox

Patch

diff --git a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c
index fe3677b..7caa96f 100644
--- a/stdio-common/vfscanf.c
+++ b/stdio-common/vfscanf.c
@@ -133,6 +133,8 @@ 
 # define WINT_T		int
 #endif
 
+#include "printf-parse.h" /* Use read_int.  */
+
 #define encode_error() do {						      \
 			  errval = 4;					      \
 			  __set_errno (EILSEQ);				      \
@@ -488,9 +490,7 @@  _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
       /* Check for a positional parameter specification.  */
       if (ISDIGIT ((UCHAR_T) *f))
 	{
-	  argpos = (UCHAR_T) *f++ - L_('0');
-	  while (ISDIGIT ((UCHAR_T) *f))
-	    argpos = argpos * 10 + ((UCHAR_T) *f++ - L_('0'));
+	  argpos = read_int ((const UCHAR_T **) &f);
 	  if (*f == L_('$'))
 	    ++f;
 	  else
@@ -525,11 +525,8 @@  _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
 
       /* Find the maximum field width.  */
       width = 0;
-      while (ISDIGIT ((UCHAR_T) *f))
-	{
-	  width *= 10;
-	  width += (UCHAR_T) *f++ - L_('0');
-	}
+      if (ISDIGIT ((UCHAR_T) *f))
+	width = read_int ((const UCHAR_T **) &f);
     got_width:
       if (width == 0)
 	width = -1;