summaryrefslogtreecommitdiff
path: root/src/stdio/vfscanf.c
AgeCommit message (Collapse)AuthorLines
2020-07-02vfscanf: fix possible invalid free due to uninitialized variable useJulien Ramseier-1/+1
vfscanf() may use the variable 'alloc' uninitialized when taking the branch introduced by commit b287cd745c2243f8e5114331763a5a9813b5f6ee. Spotted by clang.
2020-04-17fix undefined behavior in scanf coreRich Felker-0/+3
as reported/analyzed by Pascal Cuoq, the shlim and shcnt macros/functions are called by the scanf core (vfscanf) with f->rpos potentially null (if the FILE is not yet activated for reading at the time of the call). in this case, they compute differences between a null pointer (f->rpos) and a non-null one (f->buf), resulting in undefined behavior. it's unlikely that any observably wrong behavior occurred in practice, at least without LTO, due to limits on what's visible to the compiler from translation unit boundaries, but this has not been checked. fix is simply ensuring that the FILE is activated for read mode before entering the main scanf loop, and erroring out early if it can't be.
2017-09-04handle whitespace before %% in scanfBartosz Brachaczek-3/+7
this is mandated by C and POSIX standards and is in accordance with glibc behavior.
2014-01-08add __isoc99_vfscanf weak alias to vfscanfSzabolcs Nagy-0/+2
this glibc abi compatibility function was missed when the scanf aliases were added.
2013-12-12include cleanups: remove unused headers and add feature test macrosSzabolcs Nagy-4/+1
2013-08-31avoid crash in scanf when invalid %m format is encounteredRich Felker-0/+2
invalid format strings invoke undefined behavior, so this is not a conformance issue, but it's nicer for scanf to report the error safely instead of calling free on a potentially-uninitialized pointer or a pointer to memory belonging to the caller.
2013-07-20fix uninitialized/stale use of alloc (%m modifier) flag in scanfRich Felker-0/+2
for conversion specifiers, alloc is always set when the specifier is parsed. however, if scanf stops due to mismatching literal text, either an uninitialized (if no conversions have been performed yet) or stale (from the previous conversion) of the flag will be used, possibly causing an invalid pointer to be passed to free when the function returns.
2013-06-22fix scanf %c conversion wrongly storing a terminating null byteRich Felker-2/+4
this seems to have been a regression from the refactoring which added the 'm' modifier.
2013-06-05implement the 'm' (malloc) modifier for scanfRich Felker-22/+48
this commit only covers the byte-based scanf-family functions. the wide functions still lack support for the 'm' modifier.
2013-06-04simplify some logic in scanf and remove redundant invalid-format checkRich Felker-18/+8
2013-06-04refactor scanf core to use common code path for all string formatsRich Felker-85/+52
the concept here is that %s and %c are essentially special-cases of %[, with some minimal additional special-casing. aside from simplifying the code and reducing the number of complex code-paths that would need changing to make optimizations later, the main purpose of this change is to simplify addition of the 'm' modifier which causes scanf to allocate storage for the string being read.
2012-11-08clean up stdio_impl.hRich Felker-1/+1
this header evolved to facilitate the extremely lazy practice of omitting explicit includes of the necessary headers in individual stdio source files; not only was this sloppy, but it also increased build time. now, stdio_impl.h is only including the headers it needs for its own use; any further headers needed by source files are included directly where needed.
2012-09-06use restrict everywhere it's required by c99 and/or posix 2008Rich Felker-1/+1
to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
2012-06-07fix scanf bug reading literals after width-limited fieldRich Felker-0/+1
the field width limit was not being cleared before reading the literal, causing spurious failures in scanf in cases like "%2d:" scanning "00:".
2012-04-19fix really bad breakage in strtol, etc.: failure to accept leading spacesRich Felker-1/+1
2012-04-17fix over-read in %ls with non-wide scanfRich Felker-0/+1
2012-04-17fix some bugs in scanf %[ handling detected while writing the wide versionRich Felker-4/+4
2012-04-17avoid null pointer dereference on %*p fields in scanfRich Felker-1/+1
2012-04-16new scanf implementation and corresponding integer parser/converterRich Felker-16/+322
advantages over the old code: - correct results for floating point (old code was bogus) - wide/regular scanf separated so scanf does not pull in wide code - well-defined behavior on integers that overflow dest type - support for %[a-b] ranges with %[ (impl-defined by widely used) - no intermediate conversion of fmt string to wide string - cleaner, easier to share code with strto* functions - better standards conformance for corner cases the old code remains in the source tree, as the wide versions of the scanf-family functions are still using it. it will be removed when no longer needed.
2011-03-28major stdio overhaul, using readv/writev, plus other changesRich Felker-10/+3
the biggest change in this commit is that stdio now uses readv to fill the caller's buffer and the FILE buffer with a single syscall, and likewise writev to flush the FILE buffer and write out the caller's buffer in a single syscall. making this change required fundamental architectural changes to stdio, so i also made a number of other improvements in the process: - the implementation no longer assumes that further io will fail following errors, and no longer blocks io when the error flag is set (though the latter could easily be changed back if desired) - unbuffered mode is no longer implemented as a one-byte buffer. as a consequence, scanf unreading has to use ungetc, to the unget buffer has been enlarged to hold at least 2 wide characters. - the FILE structure has been rearranged to maintain the locations of the fields that might be used in glibc getc/putc type macros, while shrinking the structure to save some space. - error cases for fflush, fseek, etc. should be more correct. - library-internal macros are used for getc_unlocked and putc_unlocked now, eliminating some ugly code duplication. __uflow and __overflow are no longer used anywhere but these macros. switch to read or write mode is also separated so the code can be better shared, e.g. with ungetc. - lots of other small things.
2011-02-12initial check-in, version 0.5.0v0.5.0Rich Felker-0/+43