Bug 23274 - scanf of 100ergs done wrong
Summary: scanf of 100ergs done wrong
Status: RESOLVED DUPLICATE of bug 12701
Alias: None
Product: glibc
Classification: Unclassified
Component: libc (show other bugs)
Version: 2.27
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-11 22:52 UTC by Fred Tydeman
Modified: 2018-06-12 15:09 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Fred Tydeman 2018-06-11 22:52:23 UTC
scanf does just one character lookahead.  Therefore, scanf using %f of "100ergs" should be a matching failure.  This has existed since C89.  The words in the current C17 standard (same as in C99) are:  7.21.6.2 The fscanf function
Paragraph 9: An input item is defined as the longest sequence of input characters which does not exceed any specified field width and which is, or is a prefix of, a matching input sequence.291) The first character, if any, after the input item remains unread.

291) fscanf pushes back at most one input character onto the input stream. Therefore, some sequences that are acceptable to strtod, strtol, etc., are unacceptable to fscanf
Comment 1 Andreas Schwab 2018-06-12 08:00:11 UTC
Dup.

*** This bug has been marked as a duplicate of bug 1765 ***
Comment 2 Joseph Myers 2018-06-12 11:15:14 UTC
Bug 12701 is the main open bug tracking this issue.

*** This bug has been marked as a duplicate of bug 12701 ***