summaryrefslogtreecommitdiff
path: root/libc/stdio
diff options
context:
space:
mode:
authorWill Newton <will.newton@imgtec.com>2015-05-08 01:15:19 +0300
committerWaldemar Brodkorb <wbx@openadk.org>2015-06-10 10:17:53 -0500
commitb2d27c71bd13820a4263fa7ebda4c1a4a95b501c (patch)
treee9907f693fbf5a0884ccac78349290d4069bdec5 /libc/stdio
parentb6c1e98422165a36b19a68daaeee11856033a7f1 (diff)
_scanf.c: Implement 'm' modifier for 'c' and '[' conversions.
The current code implements the 'm' modifier only for 's' conversions and would cause a segfault if it was used for 'c' or '[' conversions. This patch extends the code to cover these cases too. The original version could write scanned data outside the passed buffer because index i used in the '[' conversion handling block was clobbered. Signed-off-by: Will Newton <will.newton@imgtec.com> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Diffstat (limited to 'libc/stdio')
-rw-r--r--libc/stdio/_scanf.c51
1 files changed, 33 insertions, 18 deletions
diff --git a/libc/stdio/_scanf.c b/libc/stdio/_scanf.c
index d48fd1267..f2a96700b 100644
--- a/libc/stdio/_scanf.c
+++ b/libc/stdio/_scanf.c
@@ -1351,7 +1351,20 @@ int VFSCANF (FILE *__restrict fp, const Wchar *__restrict format, va_list arg)
(psfs.conv_num >= CONV_c)
#endif /* __UCLIBC_HAS_WCHAR__ */
{
+ /* We might have to handle the allocation ourselves */
+ int len;
+ unsigned char **ptr;
+
b = (psfs.store ? ((unsigned char *) psfs.cur_ptr) : buf);
+ /* With 'm', we actually got a pointer to a pointer */
+ ptr = (void *)b;
+
+ if (psfs.flags & FLAG_MALLOC) {
+ len = 0;
+ b = NULL;
+ } else
+ len = -1;
+
fail = 1;
if (psfs.conv_num == CONV_c) {
@@ -1359,32 +1372,28 @@ int VFSCANF (FILE *__restrict fp, const Wchar *__restrict format, va_list arg)
sc.width = 1;
}
+ if (psfs.flags & FLAG_MALLOC)
+ b = malloc(sc.width);
+
+ i = 0;
while (__scan_getc(&sc) >= 0) {
zero_conversions = 0;
- *b = sc.cc;
- b += psfs.store;
+ b[i] = sc.cc;
+ i += psfs.store;
}
__scan_ungetc(&sc);
if (sc.width > 0) { /* Failed to read all required. */
goto DONE;
}
+ if (psfs.flags & FLAG_MALLOC)
+ *ptr = b;
psfs.cnt += psfs.store;
goto NEXT_FMT;
}
if (psfs.conv_num == CONV_s) {
- /* We might have to handle the allocation ourselves */
- int len;
- /* With 'm', we actually got a pointer to a pointer */
- unsigned char **ptr = (void *)b;
i = 0;
- if (psfs.flags & FLAG_MALLOC) {
- len = 0;
- b = NULL;
- } else
- len = -1;
-
/* Yes, believe it or not, a %s conversion can store nuls. */
while ((__scan_getc(&sc) >= 0) && !isspace(sc.cc)) {
zero_conversions = 0;
@@ -1399,10 +1408,6 @@ int VFSCANF (FILE *__restrict fp, const Wchar *__restrict format, va_list arg)
fail = 0;
}
- if (psfs.flags & FLAG_MALLOC)
- *ptr = b;
- /* The code below takes care of terminating NUL */
- b += i;
} else {
#ifdef __UCLIBC_HAS_WCHAR__
assert((psfs.conv_num == CONV_LEFTBRACKET) || \
@@ -1453,13 +1458,20 @@ int VFSCANF (FILE *__restrict fp, const Wchar *__restrict format, va_list arg)
#endif /* __UCLIBC_HAS_WCHAR__ */
+ i = 0;
while (__scan_getc(&sc) >= 0) {
zero_conversions = 0;
if (!scanset[sc.cc]) {
break;
}
- *b = sc.cc;
- b += psfs.store;
+ if (i == len) {
+ /* Pick a size that won't trigger a lot of
+ * mallocs early on ... */
+ len += 256;
+ b = realloc(b, len + 1);
+ }
+ b[i] = sc.cc;
+ i += psfs.store;
fail = 0;
}
}
@@ -1469,6 +1481,9 @@ int VFSCANF (FILE *__restrict fp, const Wchar *__restrict format, va_list arg)
if (fail) { /* nothing stored! */
goto DONE;
}
+ if (psfs.flags & FLAG_MALLOC)
+ *ptr = b;
+ b += i;
*b = 0; /* Nul-terminate string. */
psfs.cnt += psfs.store;
goto NEXT_FMT;