Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20130420165120.GK20323@brightrain.aerifal.cx>
Date: Sat, 20 Apr 2013 12:51:20 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: scanf requirements not met?

On Thu, Apr 04, 2013 at 09:52:55PM -0400, Rich Felker wrote:
> Hi all,
> 
> In consideration of adding the 'm' modifier for scanf and looking at
> how it's supposed to handle malloc failure, I believe the current
> implementation may be getting some things wrong. Seeing that it
> defined malloc failure as a "conversion error":
> 
>     If there is insufficient memory to allocate a buffer, the function
>     shall set errno to [ENOMEM] and a conversion error shall result.
> 
> I noticed that this was not either of the "failures" defined for
> scanf: input or matching. The text "conversion error" does not occur
> elsewhere, but the ERRORS section does specify:
> 
>     If any error occurs, EOF shall be returned, and errno shall be set
>     to indicate the error.

Searching again, I can no longer find the text "if any error" in the
specification for scanf. It looks like TC1 has been applied to the
html version of POSIX, and the text I had cited above, which conflicts
with the requirements of ISO C, has been corrected such that an error
return only happens if the error occurs before the first conversion.

In short, we had it right and POSIX had it wrong.

There may be one remaining issue: it's not clear to me whether scanf
can return EOF after a successful match for which assignment was
suppressed with the * modifier. Such matches do not contribute to the
count returned, but by a strict reading, they seem to contribute to
the requirement to return 0 rather than EOF.

>     If the function returns EOF, any memory successfully allocated for
>     parameters using assignment-allocation character 'm' by this call
>     shall be freed before the function returns.

With TC1 applied, this text is mostly irrelevant; it only applies to
the first conversion.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.