aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGabriel F. T. Gomes <gftg@linux.vnet.ibm.com>2016-09-20 14:19:27 -0300
committerGabriel F. T. Gomes <gftg@linux.vnet.ibm.com>2016-10-26 09:56:24 -0200
commit726d48ec96f8b8a27e17cffaacb83588589e2f78 (patch)
tree49ab897e23e6c65b2a01b5b4500744f252f1d1fe /stdio-common
parentmalloc: Remove malloc_get_state, malloc_set_state [BZ #19473] (diff)
downloadglibc-726d48ec96f8b8a27e17cffaacb83588589e2f78.tar.gz
glibc-726d48ec96f8b8a27e17cffaacb83588589e2f78.tar.bz2
glibc-726d48ec96f8b8a27e17cffaacb83588589e2f78.zip
Use read_int in vfscanf
The function read_int, from printf-parse.h, parses an integer from a string while avoiding overflows. It is used by other functions, such as vfprintf, to avoid undefined behavior. The function vfscanf (_IO_vfwscanf) parses an integer from the format string, and can use read_int.
Diffstat (limited to 'stdio-common')
-rw-r--r--stdio-common/vfscanf.c13
1 files changed, 5 insertions, 8 deletions
diff --git a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c
index fe3677ba10..7caa96fbe2 100644
--- a/stdio-common/vfscanf.c
+++ b/stdio-common/vfscanf.c
@@ -133,6 +133,8 @@
# define WINT_T int
#endif
+#include "printf-parse.h" /* Use read_int. */
+
#define encode_error() do { \
errval = 4; \
__set_errno (EILSEQ); \
@@ -488,9 +490,7 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
/* Check for a positional parameter specification. */
if (ISDIGIT ((UCHAR_T) *f))
{
- argpos = (UCHAR_T) *f++ - L_('0');
- while (ISDIGIT ((UCHAR_T) *f))
- argpos = argpos * 10 + ((UCHAR_T) *f++ - L_('0'));
+ argpos = read_int ((const UCHAR_T **) &f);
if (*f == L_('$'))
++f;
else
@@ -525,11 +525,8 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
/* Find the maximum field width. */
width = 0;
- while (ISDIGIT ((UCHAR_T) *f))
- {
- width *= 10;
- width += (UCHAR_T) *f++ - L_('0');
- }
+ if (ISDIGIT ((UCHAR_T) *f))
+ width = read_int ((const UCHAR_T **) &f);
got_width:
if (width == 0)
width = -1;