Use read_int in vfscanf

The function read_int, from printf-parse.h, parses an integer from a string while avoiding overflows. It is used by other functions, such as vfprintf, to avoid undefined behavior. The function vfscanf (_IO_vfwscanf) parses an integer from the format string, and can use read_int.
2016-09-20 14:19:27 -03:00 · 2016-09-20 14:19:27 -03:00 · 726d48ec96
parent e863cce57b
commit 726d48ec96
2 changed files with 10 additions and 8 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2016-10-26  Gabriel F. T. Gomes  <gftg@linux.vnet.ibm.com>
+
+	* stdio-common/vfscanf.c (_IO_vfwscanf): Use read_int to parse
+	integer from the format string.
+
 2016-10-26  Florian Weimer  <fweimer@redhat.com>

 	[BZ #19473]
--- a/stdio-common/vfscanf.c
+++ b/stdio-common/vfscanf.c
@ -133,6 +133,8 @@
 # define WINT_T		int
 #endif

+#include "printf-parse.h" /* Use read_int.  */
+
 #define encode_error() do {						      \
 			  errval = 4;					      \
 			  __set_errno (EILSEQ);				      \
@ -488,9 +490,7 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
      /* Check for a positional parameter specification.  */
      if (ISDIGIT ((UCHAR_T) *f))
 	{
-	  argpos = (UCHAR_T) *f++ - L_('0');
-	  while (ISDIGIT ((UCHAR_T) *f))
-	    argpos = argpos * 10 + ((UCHAR_T) *f++ - L_('0'));
+	  argpos = read_int ((const UCHAR_T **) &f);
 	  if (*f == L_('$'))
 	    ++f;
 	  else
@ -525,11 +525,8 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,

      /* Find the maximum field width.  */
      width = 0;
-      while (ISDIGIT ((UCHAR_T) *f))
-	{
-	  width *= 10;
-	  width += (UCHAR_T) *f++ - L_('0');
-	}
+      if (ISDIGIT ((UCHAR_T) *f))
+	width = read_int ((const UCHAR_T **) &f);
    got_width:
      if (width == 0)
 	width = -1;