Re: [PATCH v3 2/4] vsscanf(): Integer overflow is a conversion failure

From: Rasmus Villemoes
Date: Mon Jun 12 2023 - 07:05:42 EST


On 10/06/2023 22.40, Demi Marie Obenour wrote:
> sscanf() and friends currently ignore integer overflow, but this is a
> bad idea. It is much better to detect integer overflow errors and
> consider this a conversion failure.

Perhaps. And maybe I even agree. But not like this:

> while (*fmt) {
> /* skip any white space in format */
> @@ -3464,6 +3474,9 @@ int vsscanf(const char *buf, const char *fmt, va_list args)
> break;
> ++fmt;
>
> + allow_overflow = *fmt == '!';
> + fmt += (int)allow_overflow;
> +
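
Review bot: The pointer advance in `fmt += (int)allow_overflow;` hides a conditional behind a bool-to-int cast; an explicit `if (*fmt == '!') { allow_overflow = true; ++fmt; }` would make the parsing step easier to read and to extend. The '!' character is also consumed here with no comment saying what it means. Judging by the variable name, it switches overflow back to being tolerated, so a one-line comment at this spot and an entry in the function's format documentation would tell callers that overflow is otherwise a conversion failure.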

You can't do that. Or, at least, you won't be able to actually use %!d
anywhere, because the compiler will yell at you:

lib/vsprintf.c: In function ‘foobar’:
lib/vsprintf.c:3727:26: error: unknown conversion type character ‘!’ in
format [-Werror=format=]
3727 | ret = sscanf("12345", "%!d", &val);
| ^

So NAK.

Also, when you make significant changes to the sscanf implementation,
I'd expect the diffstat for the patch series to contain lib/test_scanf.c.

Rasmus
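
The behaviour under discussion in this thread, sketched as an added user-space example that is not code from the patch or from lib/vsprintf.c: one decimal conversion that wraps silently and one that reports overflow as a conversion failure. The function names are hypothetical, and the block assumes a 32-bit `int` and the GCC/Clang `__builtin_*_overflow` helpers.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: unsigned digits only, overflow wraps silently. */
size_t parse_int_wrapping(const char *s, int *out)
{
	const char *p = s;
	unsigned int val = 0;

	for (; *p >= '0' && *p <= '9'; p++)
		val = val * 10u + (unsigned int)(*p - '0'); /* wraps mod 2^32 */
	if (p == s)
		return 0;
	*out = (int)val;
	return (size_t)(p - s);
}

/* Hypothetical helper: returns chars consumed, or 0 on conversion failure
 * (no digits, or value outside [INT_MIN, INT_MAX]); *out untouched on failure. */
size_t parse_int_checked(const char *s, int *out)
{
	const char *p = s;
	bool neg = false;
	int val = 0;

	if (*p == '-' || *p == '+')
		neg = (*p++ == '-');
	if (*p < '0' || *p > '9')
		return 0;
	for (; *p >= '0' && *p <= '9'; p++) {
		/* accumulate as a negative number so INT_MIN is representable */
		if (__builtin_mul_overflow(val, 10, &val) ||
		    __builtin_sub_overflow(val, *p - '0', &val))
			return 0;
	}
	if (!neg && val == INT_MIN)
		return 0;
	*out = neg ? val : -val;
	return (size_t)(p - s);
}

int main(void)
{
	int v = 0;
	const char *in = "4294967297"; /* constructed input: 2^32 + 1 */

	printf("wrapping: %zu chars, v=%d\n", parse_int_wrapping(in, &v), v);
	printf("checked:  %zu chars\n", parse_int_checked(in, &v));
	return 0;
}
```
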