Summary: | scanf family misbehaves on %m when zero characters are read | ||
---|---|---|---|
Product: | glibc | Reporter: | Heiki Ojasild <repentinus> |
Component: | stdio | Assignee: | Not yet assigned to anyone <unassigned> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | bugdal, neleai, ondra, repentinus |
Priority: | P2 | Flags: | fweimer: security- |
Version: | 2.17 | ||
Target Milestone: | --- | ||
Host: | Target: | ||
Build: | Last reconfirmed: | ||
Attachments: | Testcase demonstrating the problem (identical to the one on IdeOne); Another test case | ||
Description
Heiki Ojasild
2013-03-24 17:22:06 UTC
Created attachment 6945
Testcase demonstrating the problem (identical to the one on IdeOne)

Created attachment 6946
Another test case

It is also possible to adopt the view that since non-empty sequences do not match %[, "" should not be put into the pointer. However, in that case there is no reason to alter the value of the pointer, which glibc does as demonstrated in the attached testcase (also at <http://ideone.com/Vv3Opu>).

I looked in the code and the probable cause is that we call realloc(x,0), which returns NULL. However, the relevant code should be refactored before this can be fixed.

This is not a bug. The conversion specifier results in a matching failure (because no characters were read). The return value of 0 indicates that nothing was read into the argument (in particular, no pointer should be assigned when %m is used).

As previously said, a %m[ matches only a nonempty sequence.
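A calling pattern that follows from the resolution above, as an added example that is not part of the original report or of glibc: the return value of `sscanf`, not the pointer, decides whether a `%m[` argument may be read or freed, and an empty field is handled explicitly because `%m[` never yields `""`. The names `struct kv`, `parse_kv` and `kv_free` are hypothetical, and the sample lines are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

struct kv { char *key; char *val; };   /* hypothetical result type */

void kv_free(struct kv *p)
{
    free(p->key);
    free(p->val);
    p->key = p->val = NULL;
}

/* Parse "key=value" where the value may be empty.
 * Returns 0 and fills *out on success, -1 otherwise. */
int parse_kv(const char *line, struct kv *out)
{
    char *key = NULL, *val = NULL;
    int after_eq = -1;                 /* set by %n only if '=' was consumed */
    int n = sscanf(line, "%m[^=\n]=%n%m[^\n]", &key, &after_eq, &val);

    out->key = out->val = NULL;
    if (n < 1)                         /* 0: empty key, EOF: no input at all */
        return -1;                     /* no conversion succeeded: ignore key and val */
    if (n == 1) {
        /* key is ours. %m[ for the value read zero characters, which is a
         * matching failure, so val must not be read or freed. */
        if (after_eq < 0 || (val = calloc(1, 1)) == NULL) {
            free(key);                 /* no '=' at all, or out of memory */
            return -1;
        }
    }
    out->key = key;
    out->val = val;
    return 0;
}

int main(void)
{
    /* Constructed sample lines. */
    const char *lines[] = { "user=alice", "user=", "=x", "user", "" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        struct kv r;
        if (parse_kv(lines[i], &r) == 0) {
            printf("\"%s\" -> key=\"%s\" val=\"%s\"\n", lines[i], r.key, r.val);
            kv_free(&r);
        } else {
            printf("\"%s\" -> rejected\n", lines[i]);
        }
    }
    return 0;
}
```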