Skip to content

Commit

Permalink
libphoenix/scanf: Fix invalid processing of %n
Browse files Browse the repository at this point in the history
JIRA: RTOS-825
  • Loading branch information
astalke authored and jmaksymowicz committed Nov 6, 2024
1 parent f864654 commit 7fd2dab
Showing 1 changed file with 13 additions and 3 deletions.
16 changes: 13 additions & 3 deletions stdio/scanf.c
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@
#define CT_STRING 2 /* %s conversion */
#define CT_INT 3 /* %[dioupxX] conversion */
#define CT_FLOAT 4 /* %[aefgAEFG] conversion */
#define CT_NONE 5 /* No conversion (ex. %n) */


static const unsigned char *__sccl(char *tab, const unsigned char *fmt)
Expand Down Expand Up @@ -113,7 +114,7 @@ static int scanf_parse(char *ccltab, const char *inp, int *inr, char const *fmt0
char *p, *p0;
char buf[32];

static short basefix[17] = { 10, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
static const short basefix[17] = { 10, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };

*inr = strlen(inp);

Expand Down Expand Up @@ -226,6 +227,8 @@ static int scanf_parse(char *ccltab, const char *inp, int *inr, char const *fmt0
case '9':
width = width * 10 + c - '0';
continue;
default:
break;
}

/*
Expand Down Expand Up @@ -298,7 +301,7 @@ static int scanf_parse(char *ccltab, const char *inp, int *inr, char const *fmt0
case 'n':
nconversions++;
if ((flags & SUPPRESS) != 0) {
continue;
break;
}
if ((flags & SHORTSHORT) != 0) {
*va_arg(ap, char *) = nread;
Expand All @@ -318,7 +321,12 @@ static int scanf_parse(char *ccltab, const char *inp, int *inr, char const *fmt0
else {
*va_arg(ap, int *) = nread;
}
continue;
c = CT_NONE;
break;
default:
c = CT_NONE;
/* TODO: Handle this */
break;
}

break;
Expand Down Expand Up @@ -674,6 +682,8 @@ static int scanf_parse(char *ccltab, const char *inp, int *inr, char const *fmt0
nconversions++;
break;

case CT_NONE:
break;
default:
break;
}
Expand Down

0 comments on commit 7fd2dab

Please sign in to comment.