Date: Mon, 14 Jan 2013 16:57:00 -0500 From: Rich Felker <dalias@...ifal.cx> To: musl@...ts.openwall.com Subject: Re: minor issues (found by cppcheck) On Mon, Jan 14, 2013 at 10:23:50PM +0100, Szabolcs Nagy wrote: > * Rich Felker <dalias@...ifal.cx> [2013-01-14 16:05:41 -0500]: > > On Mon, Jan 14, 2013 at 08:41:47PM +0100, Szabolcs Nagy wrote: > > > getmntent_r has a sscanf with %d, > > > it might make sense to limit the width > > > > I think the error is irrelevant for %d unless we're talking about the > > theoretical UB for integer overflow, but that doesn't seem to be what > > this warning is about. Anyway, musl's scanf has well-defined overflow > > behavior. > > i mean if there is a very long digit sequence in the input > it may make sense to fail early, eg use %11d and with a final > %n we could check if the input is read correctly > > assuming we want to report failure on invalid input Is a line containing a number 1 represented as a billion zeros followed by a 1 "invalid input"? It's pathological, but I don't see any reason to go out of our way to treat it as invalid, especially since the files being parsed by this function are provided either by root or by the invoking user (usually by root). Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.