Re: [PATCH v3 0/4] Make sscanf() stricter
From: Demi Marie Obenour
Date: Wed Jun 14 2023 - 16:09:11 EST
On Wed, Jun 14, 2023 at 08:23:56AM +0000, David Laight wrote:
> From: Demi Marie Obenour
> > Sent: 13 June 2023 16:35
> >
> > On Tue, Jun 13, 2023 at 01:02:59PM +0000, David Laight wrote:
> > > From: Demi Marie Obenour
> > > > Sent: 12 June 2023 22:23
> > > ....
> > > > sscanf(), except to the extent that -Werror=format can keep working.
> > > > Userspace sscanf() is almost useless: it has undefined behavior on
> > > > integer overflow and swallows spaces that should usually be rejected.
> > >
> > > scanf() is designed for parsing space separated data.
> > > Eating spaces it part of its job description.
> > >
> > > David
> >
> > In this case I would prefer to have two versions: one that eats spaces
> > and one that does not. For instance, I don’t think any user of
> > xenbus_scanf() wants the space-swallowing behavior. This can be worked
> > around in xenbus_scanf(), of course, by having it reject strings with
> > spaces (as determened by isspace()) before calling vsscanf().
>
> What sort of formats and data are being used?
Base-10 or base-16 integers, with whitespace never being valid.
> The "%s" format terminates on whitespace.
> Even stroul() (and friends) will skip leading whitespace.
Yes, which is a reason that strto*l() are just broken IMO. I’m trying
to replace their uses in Xen with custom parsing code.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
Attachment:
signature.asc
Description: PGP signature