libphoenx/scanf: Fix SEGFAULT caused by invalid processing of %n #357
Hmm, tbh I don't get this change. Block handling |
After reviewing my changes, I've noticed that there is an easier fix, so I will upload it soon and let CI check if it really is enough. Bug is caused by a use of |
LGTM
@@ -318,7 +320,10 @@ static int scanf_parse(char *ccltab, const char *inp, int *inr, char const *fmt0 | |||
else { | |||
*va_arg(ap, int *) = nread; | |||
} | |||
continue; | |||
break; |
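Review bot: The switch from `continue;` to `break;` right after `*va_arg(ap, int *) = nread;` carries no comment saying which code after this switch the `%n` case now has to reach, so the hunk alone does not show why restarting the loop was wrong. Add a one-line comment at the `break;` stating the intent, and confirm that nothing executed after the switch treats `%n` as a conversion that consumes input or counts as an assignment.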
This works because `c == 'n'` so it won't match any of the `CT_*` values in the conversion switch below. Whitespace will still be skipped anyway. Maybe there should be a `CT_NONE` value which performs no conversion and is used for the `'n'` and `default` cases, together with `NOSKIP`?
After my changes `c` is not used in the switch statement and `CT_NONE` is used for handling `%%` and `%n`. Default case handles unknown conversion specifiers by ending the conversion (behavior is undefined according to documentation, this is what glibc does).
JIRA: RTOS-374
JIRA: RTOS-825
In particular, spurious trailing '%' could cause over-read of format string. Improve code style (reuse of variable `c` for different data type). JIRA: RTOS-825
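The behaviour discussed in this thread (`%n` and `%%` performing no conversion, an unknown specifier ending the conversion, and a trailing `%` not reading past the end of the format string), shown as an added C example that is not libphoenix code. `mini_sscanf` is a hypothetical reduced scanner that supports only `%d`, `%n` and `%%` and returns the assignment count without EOF handling.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdlib.h>

/* Added sketch, not libphoenix code: handles only %d, %n and %%. */
int mini_sscanf(const char *inp, const char *fmt, ...)
{
    const char *start = inp;
    int nassigned = 0;
    va_list ap;

    va_start(ap, fmt);
    while (*fmt != '\0') {
        if (isspace((unsigned char)*fmt)) { /* whitespace directive */
            while (isspace((unsigned char)*inp)) inp++;
            fmt++;
            continue;
        }
        if (*fmt != '%') { /* literal character must match the input */
            if (*inp != *fmt) break;
            inp++; fmt++;
            continue;
        }
        fmt++; /* step from '%' to the specifier */
        if (*fmt == '\0') break; /* trailing '%': stop on the NUL, never past it */
        if (*fmt == 'n') { /* no conversion, no whitespace skip, not counted */
            *va_arg(ap, int *) = (int)(inp - start);
        } else if (*fmt == 'd' || *fmt == '%') {
            while (isspace((unsigned char)*inp)) inp++; /* ISO C: only [, c, n keep whitespace */
            if (*fmt == '%') { /* match a literal '%', assign nothing */
                if (*inp != '%') break;
                inp++;
            } else {
                char *end;
                long v = strtol(inp, &end, 10);
                if (end == inp) break; /* matching failure */
                *va_arg(ap, int *) = (int)v;
                inp = end;
                nassigned++;
            }
        } else {
            break; /* unknown specifier: end the conversion */
        }
        fmt++;
    }
    va_end(ap);
    return nassigned;
}
```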
Description
Fixes: phoenix-rtos/phoenix-rtos-project#1059
JIRA: RTOS-825
Motivation and Context
Types of changes
How Has This Been Tested?
Checklist:
Special treatment