diff options
author | Richard Fitzgerald <rf@opensource.cirrus.com> | 2021-05-14 18:12:04 +0200 |
---|---|---|
committer | Petr Mladek <pmladek@suse.com> | 2021-05-19 15:05:11 +0200 |
commit | 900fdc4573766dd43b847b4f54bd4a1ee2bc7360 (patch) | |
tree | e016b94ba7ea217afa3f9894cbf95fa2bf86bc4b /lib/kstrtox.h | |
parent | lib: vsprintf: scanf: Negative number must have field width > 1 (diff) | |
download | linux-900fdc4573766dd43b847b4f54bd4a1ee2bc7360.tar.xz linux-900fdc4573766dd43b847b4f54bd4a1ee2bc7360.zip |
lib: vsprintf: Fix handling of number field widths in vsscanf
The existing code attempted to handle numbers by doing a strto[u]l(),
ignoring the field width, and then repeatedly dividing to extract the
field out of the full converted value. If the string contains a run of
valid digits longer than will fit in a long or long long, this would
overflow and no amount of dividing can recover the correct value.
This patch fixes vsscanf() to obey number field widths when parsing
the number.
A new _parse_integer_limit() is added that takes a limit for the number
of characters to parse. The number field conversion in vsscanf is changed
to use this new function.
If a number starts with a radix prefix, the field width must be long
enough for at last one digit after the prefix. If not, it will be handled
like this:
sscanf("0x4", "%1i", &i): i=0, scanning continues with the 'x'
sscanf("0x4", "%2i", &i): i=0, scanning continues with the '4'
This is consistent with the observed behaviour of userland sscanf.
Note that this patch does NOT fix the problem of a single field value
overflowing the target type. So for example:
sscanf("123456789abcdef", "%x", &i);
Will not produce the correct result because the value obviously overflows
INT_MAX. But sscanf will report a successful conversion.
Note that where a very large number is used to mean "unlimited", the value
INT_MAX is used for consistency with the behaviour of vsnprintf().
Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20210514161206.30821-2-rf@opensource.cirrus.com
Diffstat (limited to 'lib/kstrtox.h')
-rw-r--r-- | lib/kstrtox.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/kstrtox.h b/lib/kstrtox.h index 3b4637bcd254..158c400ca865 100644 --- a/lib/kstrtox.h +++ b/lib/kstrtox.h @@ -4,6 +4,8 @@ #define KSTRTOX_OVERFLOW (1U << 31) const char *_parse_integer_fixup_radix(const char *s, unsigned int *base); +unsigned int _parse_integer_limit(const char *s, unsigned int base, unsigned long long *res, + size_t max_chars); unsigned int _parse_integer(const char *s, unsigned int base, unsigned long long *res); #endif |