[Libguestfs] RFC: *scanf vs. overflow
Paul Eggert
eggert at cs.ucla.edu
Sat May 23 15:25:39 UTC 2020
On 5/23/20 12:06 AM, Richard W.M. Jones via Libc-alpha wrote:
> https://github.com/libguestfs/nbdkit/blob/b23f4f53cf71326f1dba481f64f7f182c20fa3dc/plugins/data/format.c#L171-L172
> We can only do this safely where we can prove that overflow does not
> matter.
Yes, this is exactly the sort of usage that I had in mind. In the following
example, which is the first use of *scanf I saw, if scanf never allowed integer
overflow (that is, it scanned only as much of a number that would fit), this
code would output an error message instead of blithely going on with an
overflowed number, and this would be safer than the code's current behavior.
> if (sscanf (&value[i], "*%" SCNi64 "%n", &k, &n) == 1) {
> if (k < 0) {
> nbdkit_error ("data parameter *N must be >= 0");
> return -1;
> }
> ...
> } else {
> nbdkit_error ("')' in data string not followed by '*'");
> return -1;
> }
More information about the Libguestfs
mailing list