On 10/06/2023 22.40, Demi Marie Obenour wrote:
> sscanf() and friends currently ignore integer overflow, but this is a
> bad idea. It is much better to detect integer overflow errors and
> consider this a conversion failure.
Perhaps. And maybe I even agree. But not like this:
> while (*fmt) {
> /* skip any white space in format */
> @@ -3464,6 +3474,9 @@ int vsscanf(const char *buf, const char *fmt, va_list args)
> break;
> ++fmt;
>
> + allow_overflow = *fmt == '!';
> + fmt += (int)allow_overflow;
> +
You can't do that. Or, at least, you won't be able to actually use %!d
anywhere, because the compiler will yell at you:
lib/vsprintf.c: In function ‘foobar’:
lib/vsprintf.c:3727:26: error: unknown conversion type character ‘!’ in
format [-Werror=format=]
3727 | ret = sscanf("12345", "%!d", &val);
| ^
So NAK.
Also, when you make significant changes to the sscanf implementation,
I'd expect the diffstat for the patch series to contain lib/test_scanf.c.
Rasmus
