From a4966c6104918ac884ee1131a4ed23c5ad6b4c5a Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Thu, 31 Oct 2013 12:51:03 +0100 Subject: Fix parsing of 0e+0 as float --- ChangeLog | 7 +++++++ NEWS | 5 +++-- stdio-common/tst-sscanf.c | 34 ++++++++++++++++++++++++++++++++++ stdio-common/vfscanf.c | 2 ++ 4 files changed, 46 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 56736937f1..4b71c4a5f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2013-10-31 Andreas Schwab + + [BZ# 15917] + * stdio-common/vfscanf.c (_IO_vfwscanf): Handle leading '0' not + followed by 'x' as part of digit sequence. + * stdio-common/tst-sscanf.c (double_tests2): New tests. + 2013-10-31 Marc-Antoine Perennou [BZ #16037] diff --git a/NEWS b/NEWS index e3330fcf6b..d24511981d 100644 --- a/NEWS +++ b/NEWS @@ -15,8 +15,9 @@ Version 2.19 15670, 15672, 15680, 15681, 15723, 15734, 15735, 15736, 15748, 15749, 15754, 15760, 15764, 15797, 15799, 15825, 15844, 15847, 15849, 15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892, 15893, 15895, - 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15948, 15963, 15966, - 15988, 16032, 16034, 16036, 16037, 16041, 16071, 16072, 16074, 16078. + 15897, 15905, 15909, 15917, 15919, 15921, 15923, 15939, 15948, 15963, + 15966, 15988, 16032, 16034, 16036, 16037, 16041, 16071, 16072, 16074, + 16078. * CVE-2012-4412 The strcoll implementation caches indices and rules for large collation sequences to optimize multiple passes. This cache diff --git a/stdio-common/tst-sscanf.c b/stdio-common/tst-sscanf.c index 1edb227199..3c34f58a63 100644 --- a/stdio-common/tst-sscanf.c +++ b/stdio-common/tst-sscanf.c @@ -109,6 +109,19 @@ struct test double_tests[] = { L("-inf"), L("%g"), 1 } }; +struct test2 +{ + const CHAR *str; + const CHAR *fmt; + int retval; + char residual; +} double_tests2[] = +{ + { L("0e+0"), L("%g%c"), 1, 0 }, + { L("0xe+0"), L("%g%c"), 2, '+' }, + { L("0x.e+0"), L("%g%c"), 2, '+' }, +}; + int main (void) { @@ -196,5 +209,26 @@ main (void) } } + for (i = 0; i < sizeof (double_tests2) / sizeof (double_tests2[0]); ++i) + { + double dummy; + int ret; + char c = 0; + + if ((ret = SSCANF (double_tests2[i].str, double_tests2[i].fmt, + &dummy, &c)) != double_tests2[i].retval) + { + printf ("double_tests2[%d] returned %d != %d\n", + i, ret, double_tests2[i].retval); + result = 1; + } + else if (ret == 2 && c != double_tests2[i].residual) + { + printf ("double_tests2[%d] stopped at '%c' != '%c'\n", + i, c, double_tests2[i].residual); + result = 1; + } + } + return result; } diff --git a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c index 78dc2fcfe5..e6fa8f372b 100644 --- a/stdio-common/vfscanf.c +++ b/stdio-common/vfscanf.c @@ -1966,6 +1966,8 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr, if (width > 0) --width; } + else + got_digit = 1; } while (1) -- cgit 1.4.1