From patchwork Thu Mar 25 14:01:02 2021
X-Patchwork-Submitter: Alyssa Ross
X-Patchwork-Id: 42771
X-Patchwork-Delegate: fweimer@redhat.com
From: Alyssa Ross
To: libc-alpha@sourceware.org
Cc: Alyssa Ross
Subject: [PATCH] stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)
Date: Thu, 25 Mar 2021 14:01:02 +0000
Message-Id: <20210325140102.31043-1-hi@alyssa.is>

Patterns like %*[ can safely be used to match a great many characters, and it's quite realistic to use them for more than INT_MAX characters from an IO stream. With the previous approach, after INT_MAX characters (v)fscanf would return successfully, indicating an end to the match, even though there wasn't one.

---
I have not done a copyright assignment yet, but I think this change should be small enough to be exempt?

stdio-common/vfscanf-internal.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/stdio-common/vfscanf-internal.c b/stdio-common/vfscanf-internal.c index 38e74776a5..1d81e16f4e 100644 --- a/stdio-common/vfscanf-internal.c +++ b/stdio-common/vfscanf-internal.c @@ -2479,11 +2479,6 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, else not_in = 0; - if (width < 0) - /* There is no width given so there is also no limit on the - number of characters we read. Therefore we set width to - a very high value to make the algorithm easier. */ - width = INT_MAX; #ifdef COMPILE_WSCANF /* Find the beginning and the end of the scanlist. We are not 
@@ -2647,7 +2642,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, } } } - while (--width > 0 && inchar () != WEOF); + while ((width < 0 || --width > 0) && inchar () != WEOF); out: #else char buf[MB_LEN_MAX]; @@ -2732,7 +2727,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, } } - if (--width <= 0) + if (width >= 0 && --width <= 0) break; } while (inchar () != EOF); @@ -2884,7 +2879,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, assert (n <= MB_LEN_MAX); str += n; } - while (--width > 0 && inchar () != WEOF); + while ((width < 0 || --width > 0) && inchar () != WEOF); out2: #else do @@ -2938,7 +2933,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr, } } } - while (--width > 0 && inchar () != EOF); + while ((width < 0 || --width > 0) && inchar () != EOF); #endif if (__glibc_unlikely (now == read_in))
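Review bot: In the first hunk (@@ -2479), deleting the `if (width < 0)` block also deletes the only comment that said what a missing width means, and from this point the `%[` code depends on width staying negative. A one-line comment in its place, for example `/* width < 0: no width given, so no limit on the characters read. */`, would document the sentinel that the four later conditions test with `width < 0` and `width >= 0`.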
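Review bot: No test accompanies the new loop condition `while ((width < 0 || --width > 0) && inchar () != WEOF);` in the @@ -2647 hunk; the diffstat lists only stdio-common/vfscanf-internal.c. The condition is changed both under COMPILE_WSCANF and in the #else paths, so a regression test for bug 27650 should exercise the wide and the narrow scanner, each with and without an explicit width. It is also worth a comment that `width < 0 ||` has to stay the first operand: it is what skips the decrement in the unlimited case, and without the short-circuit width would keep counting down toward INT_MIN.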
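Review bot: The break condition in the @@ -2732 hunk, `if (width >= 0 && --width <= 0)`, writes the unlimited-width check as the negation of the `(width < 0 || --width > 0)` form used in the other three loops. The two are equivalent, but having the same rule spelled two ways makes it easy for one site to drift in a later change; a short comment here noting that a negative width never breaks, or a small shared helper for the check, would keep the four sites in step.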
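Review bot: With the INT_MAX cap gone, the loop in the last hunk (@@ -2938) can consume more than INT_MAX characters before reaching `if (__glibc_unlikely (now == read_in))`, and the types of `now` and `read_in` are not visible in this patch. Please confirm that these counters are wide enough not to wrap on such input, since a wrapped count could make this comparison misreport whether anything was matched, and say so in the commit message.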