Re: [PATCH v3 2/4] vsscanf(): Integer overflow is a conversion failure

[PATCH v3 0/4] Make sscanf() stricter · Demi Marie Obenour <hidden> · 2023-06-10
[PATCH v3 1/4] limits.h: add UCHAR_MAX, SCHAR_MAX, and SCHAR_MIN · Demi Marie Obenour <hidden> · 2023-06-10
Re: [PATCH v3 1/4] limits.h: add UCHAR_MAX, SCHAR_MAX, and SCHAR_MIN · Lee Jones <lee@kernel.org> · 2023-06-12
Re: [PATCH v3 1/4] limits.h: add UCHAR_MAX, SCHAR_MAX, and SCHAR_MIN · Vincenzo Frascino <vincenzo.frascino@arm.com> · 2023-06-12
Re: [PATCH v3 1/4] limits.h: add UCHAR_MAX, SCHAR_MAX, and SCHAR_MIN · Demi Marie Obenour <hidden> · 2023-06-12
[PATCH v3 2/4] vsscanf(): Integer overflow is a conversion failure · Demi Marie Obenour <hidden> · 2023-06-10
Re: [PATCH v3 2/4] vsscanf(): Integer overflow is a conversion failure · Rasmus Villemoes <linux@rasmusvillemoes.dk> · 2023-06-12
[PATCH v3 3/4] vsscanf(): do not skip spaces · Demi Marie Obenour <hidden> · 2023-06-10
Re: [PATCH v3 3/4] vsscanf(): do not skip spaces · Rasmus Villemoes <linux@rasmusvillemoes.dk> · 2023-06-12
RE: [PATCH v3 3/4] vsscanf(): do not skip spaces · David Laight <hidden> · 2023-06-13
RE: [PATCH v3 3/4] vsscanf(): do not skip spaces · David Laight <hidden> · 2023-06-12
[PATCH v3 4/4] Reject NUL bytes in xenstore nodes · Demi Marie Obenour <hidden> · 2023-06-10
Re: [PATCH v3 0/4] Make sscanf() stricter · Andy Shevchenko <andriy.shevchenko@linux.intel.com> · 2023-06-12

From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Date: 2023-06-12 11:05:42
Also in: linux-staging, lkml, xen-devel

On 10/06/2023 22.40, Demi Marie Obenour wrote:

sscanf() and friends currently ignore integer overflow, but this is a
bad idea.  It is much better to detect integer overflow errors and
consider this a conversion failure.

Perhaps. And maybe I even agree. But not like this:

quoted hunk ↗ jump to hunk

 	while (*fmt) {
 		/* skip any white space in format */

@@ -3464,6 +3474,9 @@ int vsscanf(const char *buf, const char *fmt, va_list args)
 			break;
 		++fmt;
 
+		allow_overflow = *fmt == '!';
+		fmt += (int)allow_overflow;
+

You can't do that. Or, at least, you won't be able to actually use %!d
anywhere, because the compiler will yell at you:

lib/vsprintf.c: In function ‘foobar’:
lib/vsprintf.c:3727:26: error: unknown conversion type character ‘!’ in
format [-Werror=format=]
 3727 |  ret = sscanf("12345", "%!d", &val);
      |                          ^

So NAK.

Also, when you make significant changes to the sscanf implementation,
I'd expect the diffstat for the patch series to contain lib/test_scanf.c.

Rasmus

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help