[Libguestfs] RFC: *scanf vs. overflow

Richard W.M. Jones rjones at redhat.com
Tue May 26 09:30:41 UTC 2020


On Sat, May 23, 2020 at 12:45:01PM -0400, Rich Felker wrote:
> I don't follow. *Any* use of scanf on untrusted input is "vulnerable
> to the integer-overflow issue" in the sense that overflow is UB. This
> is not something subtle.

{,s}scanf is a useful, natural way to parse strings, and strto* is a
horrible interface with many bear traps.  It seems to me scanf could
be changed to make it safe for overflow, simply by stopping parsing at
the point where the overflow occurs and returning a short count (or
the various other ideas suggested already in this thread).

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
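The behaviour proposed above (stop parsing at the first value that overflows and return a short count) can be built today on top of strtol, which is how a parser for untrusted input avoids the undefined behaviour of an overflowing scanf conversion. The following C is an added example, not code from this thread or from libguestfs; the helper names parse_long_checked and parse_longs are hypothetical, and the input strings are constructed for illustration.

```c
/* Added example (not libguestfs code): an sscanf-like "%ld %ld ..." parser
 * built on strtol.  Unlike scanf, an integer that does not fit in a long is
 * detected (strtol sets errno to ERANGE instead of invoking undefined
 * behaviour), parsing stops there, and the caller gets a short count. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse one long starting at *p, skipping leading whitespace, and advance *p
 * past it.  Returns 1 on success; 0 if no number is present at *p or the
 * value overflows long (*p and *out are left untouched in that case). */
static int parse_long_checked(const char **p, long *out)
{
    const char *s = *p;
    const char *digits;
    char *end;
    long v;

    while (isspace((unsigned char)*s))
        s++;

    /* strtol accepts an optional sign, but "" , "+", "abc" must be errors
     * rather than a silent zero, so insist on at least one digit. */
    digits = s;
    if (*digits == '+' || *digits == '-')
        digits++;
    if (!isdigit((unsigned char)*digits))
        return 0;

    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)   /* saturated at LONG_MIN/LONG_MAX: overflow */
        return 0;

    *out = v;
    *p = end;
    return 1;
}

/* Parse up to n whitespace-separated longs from s into vals.
 * Returns the number successfully parsed, which is short of n if the
 * input runs out, contains a non-number, or contains a value that
 * overflows long. */
size_t parse_longs(const char *s, long *vals, size_t n)
{
    size_t count = 0;
    const char *p = s;

    while (count < n && parse_long_checked(&p, &vals[count]))
        count++;
    return count;
}

int main(void)
{
    long v[4];
    /* Constructed inputs: the second one overflows long on 64-bit targets. */
    const char *ok = "12 -7 40";
    const char *bad = "1 99999999999999999999999 5";

    printf("%zu values parsed from \"%s\"\n", parse_longs(ok, v, 4), ok);
    printf("%zu values parsed from \"%s\"\n", parse_longs(bad, v, 4), bad);
    return 0;
}
```

Because strtol reports overflow through errno rather than by wrapping, the wrapper can refuse the offending token and the caller sees a count of 1 for the second input instead of a wrapped or undefined value.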