musl/src/stdio/vfscanf.c, branch master
musl - an implementation of the standard library for Linux-based systems

vfscanf: fix possible invalid free due to uninitialized variable use
2020-07-02T15:25:44+00:00  Julien Ramseier <j.ramseier@gmail.com>  2020-07-01T13:12:14+00:00
a62df9c9b7cad47e62b293abeddaf3fcdf09d8ae

vfscanf() may use the variable 'alloc' uninitialized when taking the
branch introduced by commit b287cd745c2243f8e5114331763a5a9813b5f6ee.
Spotted by clang.

fix undefined behavior in scanf core
2020-04-17T19:19:05+00:00  Rich Felker <dalias@aerifal.cx>  2020-04-17T17:46:57+00:00
b287cd745c2243f8e5114331763a5a9813b5f6ee

as reported/analyzed by Pascal Cuoq, the shlim and shcnt
macros/functions are called by the scanf core (vfscanf) with f->rpos
potentially null (if the FILE is not yet activated for reading at the
time of the call). in this case, they compute differences between a
null pointer (f->rpos) and a non-null one (f->buf), resulting in
undefined behavior.

it's unlikely that any observably wrong behavior occurred in practice,
at least without LTO, due to limits on what's visible to the compiler
from translation unit boundaries, but this has not been checked.

fix is simply ensuring that the FILE is activated for read mode before
entering the main scanf loop, and erroring out early if it can't be.

handle whitespace before %% in scanf
2017-09-04T20:59:38+00:00  Bartosz Brachaczek <b.brachaczek@gmail.com>  2017-07-09T21:00:18+00:00
9255dad97e7bfd4165d1aa0f93f2aae321a7a4d8

this is mandated by C and POSIX standards and is in accordance with
glibc behavior.

add __isoc99_vfscanf weak alias to vfscanf
2014-01-08T21:52:26+00:00  Szabolcs Nagy <nsz@port70.net>  2014-01-08T21:52:26+00:00
5f94205369a8b98ce2ce4ad2f7e2dba2da557846

this glibc abi compatibility function was missed when the scanf
aliases were added.

include cleanups: remove unused headers and add feature test macros
2013-12-12T05:09:18+00:00  Szabolcs Nagy <nsz@port70.net>  2013-12-12T05:09:18+00:00
571744447c23f91feb6439948f3a619aca850dfb

avoid crash in scanf when invalid %m format is encountered
2013-09-01T02:47:44+00:00  Rich Felker <dalias@aerifal.cx>  2013-09-01T02:47:44+00:00
cbb8a6979038f96d3f67c659363cebf0615c42ba

invalid format strings invoke undefined behavior, so this is not a
conformance issue, but it's nicer for scanf to report the error safely
instead of calling free on a potentially-uninitialized pointer or a
pointer to memory belonging to the caller.

fix uninitialized/stale use of alloc (%m modifier) flag in scanf
2013-07-20T04:21:11+00:00  Rich Felker <dalias@aerifal.cx>  2013-07-20T04:21:11+00:00
1d92cddb1e1ed4b6cc0e55461727561e7a2522e0

for conversion specifiers, alloc is always set when the specifier is
parsed. however, if scanf stops due to mismatching literal text,
either an uninitialized (if no conversions have been performed yet) or
stale (from the previous conversion) value of the flag will be used,
possibly causing an invalid pointer to be passed to free when the
function returns.

fix scanf %c conversion wrongly storing a terminating null byte
2013-06-22T21:23:45+00:00  Rich Felker <dalias@aerifal.cx>  2013-06-22T21:23:45+00:00
ef5507867b59d19f21437970e87b5d0415c07b2e

this seems to have been a regression from the refactoring which added
the 'm' modifier.

implement the 'm' (malloc) modifier for scanf
2013-06-05T22:18:41+00:00  Rich Felker <dalias@aerifal.cx>  2013-06-05T22:18:41+00:00
16a1e0365d83c387d0dddd3c127ac7c8dcdf17fc

this commit only covers the byte-based scanf-family functions. the
wide functions still lack support for the 'm' modifier.

simplify some logic in scanf and remove redundant invalid-format check
2013-06-04T20:22:02+00:00  Rich Felker <dalias@aerifal.cx>  2013-06-04T20:22:02+00:00
1ab59de81e94e7802f85d314a709f8350a0e9b65