This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/13389] New: scanf "%0s"


http://sourceware.org/bugzilla/show_bug.cgi?id=13389

             Bug #: 13389
           Summary: scanf "%0s"
           Product: glibc
           Version: 2.11
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: 1123monkey@gmail.com
    Classification: Unclassified


I've read the manual of scanf; it says:
Reading of characters stops either when this maximum is reached or when a
nonmatching character is found, whichever happens first. ...... String input
conversions store a null terminator ('\0') to mark the end of the input; the
maximum field width does not include this terminator.

So, in the source below:

char c;
char *p= &c;
scanf("%0s", p);

The maximum is immediately reached, so scanf should read nothing, then fill c
with \0.
But scanf indeed works just as if the format were "%s", and it messes up the
stack.
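
An added example, not part of the bug report and not glibc code: ISO C defines the scanf field width as a nonzero decimal integer, so "%0s" cannot be relied on to mean "store only the terminator". The hypothetical helper read_token below derives the width from the buffer size and handles the one-byte buffer itself instead of emitting a zero width; the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not glibc code): copy the first whitespace-delimited
 * token of `input` into `buf` (capacity `bufsize` bytes, terminator included).
 * Returns the stored length, 0 if nothing was stored, -1 on an unusable buffer. */
int read_token(const char *input, char *buf, size_t bufsize)
{
    char fmt[32];

    if (input == NULL || buf == NULL || bufsize == 0)
        return -1;
    buf[0] = '\0';

    /* bufsize - 1 == 0 would yield "%0s", the format from the report.
     * Only the terminator fits, so store it and never call scanf. */
    if (bufsize == 1)
        return 0;

    /* The width excludes the terminator: "%3s" for a 4-byte buffer. */
    snprintf(fmt, sizeof fmt, "%%%zus", bufsize - 1);
    if (sscanf(input, fmt, buf) != 1) {
        buf[0] = '\0';          /* empty or all-whitespace input */
        return 0;
    }
    return (int)strlen(buf);
}

int main(void)
{
    /* Constructed input; the canary sits right after the 4-byte buffer. */
    struct { char buf[4]; char canary; } s = { "", 'C' };
    char one[1] = { 'X' };

    int n4 = read_token("abcdefgh", s.buf, sizeof s.buf);
    int n1 = read_token("abcdefgh", one, sizeof one);

    printf("4-byte buffer: len=%d \"%s\" canary=%c\n", n4, s.buf, s.canary);
    printf("1-byte buffer: len=%d terminator_only=%d\n", n1, one[0] == '\0');
    return 0;
}
```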
