23274 – scanf of 100ergs done wrong

Bug 23274 - scanf of 100ergs done wrong

Summary: scanf of 100ergs done wrong

Status:	RESOLVED DUPLICATE of bug 12701

Alias:	None

Product:	glibc
Classification:	Unclassified
Component:	libc (show other bugs)
Version:	2.27

Importance:	P2 normal
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-06-11 22:52 UTC by Fred Tydeman
Modified:	2018-06-12 15:09 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Flags:	fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Fred Tydeman 2018-06-11 22:52:23 UTC

scanf does just one character lookahead.  Therefore, scanf using %f of "100ergs" should be a matching failure.  This has existed since C89.  The words in the current C17 standard (same as in C99) are:  7.21.6.2 The fscanf function
Paragraph 9: An input item is defined as the longest sequence of input characters which does not exceed any specified field width and which is, or is a prefix of, a matching input sequence.291) The first character, if any, after the input item remains unread.

291) fscanf pushes back at most one input character onto the input stream. Therefore, some sequences that are acceptable to strtod, strtol, etc., are unacceptable to fscanf

Comment 1 Andreas Schwab 2018-06-12 08:00:11 UTC

Dup.

*** This bug has been marked as a duplicate of bug 1765 ***

Comment 2 Joseph Myers 2018-06-12 11:15:14 UTC

Bug 12701 is the main open bug tracking this issue.

*** This bug has been marked as a duplicate of bug 12701 ***