summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2011-04-25 10:40:25 -0400
committerRich Felker <dalias@aerifal.cx>2011-04-25 10:40:25 -0400
commit5efc6af4ebb9d50eb978d0338835544fdfea0396 (patch)
tree5148e8fc7dddb1dfcac614ca0ccc1c4a5fc0f326
parentdb9915ee97670885f3f2302d8c41ac6c61f2d77e (diff)
downloadmusl-5efc6af4ebb9d50eb978d0338835544fdfea0396.tar.gz
fix 2 eof-related bugs in scanf
1. failed match of literal chars from the format string would always return matching failure rather than input failure at eof, leading to infinite loops in some programs. 2. unread of eof would wrongly adjust the character counts reported by %n, yielding an off-by-one error.
-rw-r--r--src/stdio/__scanf.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/stdio/__scanf.c b/src/stdio/__scanf.c
index 185615d3..062327d7 100644
--- a/src/stdio/__scanf.c
+++ b/src/stdio/__scanf.c
@@ -22,8 +22,7 @@ static int read(rctx_t *r)
static void unread(rctx_t *r)
{
- //if (r->u || r->w < 0) return;
- if (r->w < 0) return;
+ if (r->c < 0 || r->w < 0) return;
r->w++;
r->u = 1;
}
@@ -99,7 +98,9 @@ int __scanf(rctx_t *r, const wchar_t *fmt, va_list ap)
} else if (*p != '%' || p[1] == '%') {
if (*p == '%') p++;
r->w = 1;
- if (*p++ != read(r))
+ if ((c = read(r)) < 0)
+ goto input_fail;
+ if (*p++ != c)
goto match_fail;
continue;
}