| author | Maciej W. Rozycki <macro@redhat.com> | 2025-03-28 12:35:53 +0000 |
|---|---|---|
| committer | Maciej W. Rozycki <macro@redhat.com> | 2025-03-28 12:35:53 +0000 |
| commit | 0b390b55085070bfa9598fb42049a32460681308 (patch) | |
| tree | 857f72cc94ef609ad1f418b0c10e5056812024dc /stdio-common | |
| parent | e78cb4f6bd033b09eaf316057598df9315891860 (diff) | |
| download | glibc-0b390b55085070bfa9598fb42049a32460681308.tar.xz glibc-0b390b55085070bfa9598fb42049a32460681308.zip | |

stdio-common: Reject significand prefixes in scanf [BZ #12701]

Reject invalid formatted scanf real input data that is comprised of a
hexadecimal prefix, optionally preceded by a sign, and with no actual
digits following owing to the field width restriction in effect. Such
data is a prefix of, but not a matching input sequence and it is
required by ISO C to cause a matching failure.

Currently a matching success is instead incorrectly produced along with
the conversion result of zero, with the prefix wholly consumed from
input. Where the end of input is marked by the end-of-file condition
rather than the field width restriction in effect a matching failure is
already correctly produced.

Enable input data that causes test failures without this fix in place.

Reviewed-by: Joseph Myers <josmyers@redhat.com>

Diffstat (limited to 'stdio-common')
| -rw-r--r-- | stdio-common/vfscanf-internal.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/stdio-common/vfscanf-internal.c b/stdio-common/vfscanf-internal.c index 8c6ccca135..b4cf0f39d5 100644 --- a/stdio-common/vfscanf-internal.c +++ b/stdio-common/vfscanf-internal.c @@ -2155,8 +2155,13 @@ digits_extended_fail: c = inchar (); if (width > 0) --width; - if (width != 0 && TOLOWER (c) == L_('x')) + if (TOLOWER (c) == L_('x')) { + /* If we try to read a number in hexadecimal notation + and we have only the `0x' prefix, this is an error. */ + if (width == 0) + conv_error (); + /* It is a number in hexadecimal format. */ char_buffer_add (&charbuf, c); |
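
Review bot: the new comment above `if (width == 0)` says the input has "only the `0x' prefix", but it does not say how that is known. The test is that the field width was used up by the `x` just read, after `if (width > 0) --width;` a few lines earlier. Since that decrement leaves a non-positive width alone, the new branch is reached only when a field width was given and the `x` took its last position. Spelling that out in the comment, and noting that the end-of-file case described in the commit message is handled elsewhere, would keep a later reader from mistaking this for a general "no digits follow" check. It is also worth confirming in the commit message or the comment that failing here, after `inchar ()` has already read the `x`, leaves the stream in the state the standard expects, because that cannot be seen from this hunk.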
