[compiler-rt] r188069 - [sanitizer] Fix handling of %n in scanf interceptor.

Evgeniy Stepanov eugeni.stepanov at gmail.com
Fri Aug 9 05:58:36 PDT 2013


Author: eugenis
Date: Fri Aug  9 07:58:35 2013
New Revision: 188069

URL: http://llvm.org/viewvc/llvm-project?rev=188069&view=rev
Log:
[sanitizer] Fix handling of %n in scanf interceptor.

%n does not increase the input item count. The new code emits writes to %n
arguments even if it has run out of input items.

Modified:
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors_scanf.inc
    compiler-rt/trunk/lib/sanitizer_common/tests/sanitizer_scanf_interceptor_test.cc

Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors_scanf.inc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors_scanf.inc?rev=188069&r1=188068&r2=188069&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors_scanf.inc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors_scanf.inc Fri Aug  9 07:58:35 2013
@@ -278,7 +278,7 @@ static void scanf_common(void *ctx, int
   CHECK_GT(n_inputs, 0);
   const char *p = format;
 
-  while (*p && n_inputs) {
+  while (*p) {
     ScanfDirective dir;
     p = scanf_parse_next(p, allowGnuMalloc, &dir);
     if (!p)
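Review bot: The `CHECK_GT(n_inputs, 0)` kept at the top of this hunk still excludes a zero result, so a format that begins with `%n` (for example `%n%d` where the `%d` fails to match) would presumably never reach this loop, even though scanf stores to the `%n` argument before returning 0. The commit message's own reasoning, that `%n` does not add to the item count, applies to that case too. If the callers, which are outside this hunk, can be changed to pass a zero result through, the check could become `CHECK_GE(n_inputs, 0);`. Otherwise a comment here should record that leading `%n` stores are not reported. With `n_inputs` gone from the `while` condition, the loop now stops on exhausted items only through the `n_inputs < 0` break in the next hunk; `scanf_common` starts and ends outside this hunk.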
@@ -301,6 +301,8 @@ static void scanf_common(void *ctx, int
     void *argp = va_arg(aq, void *);
     if (dir.convSpecifier != 'n')
       --n_inputs;
+    if (n_inputs < 0)
+      break;
     if (size == SSS_STRLEN) {
       size = internal_strlen((const char *)argp) + 1;
     }
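Review bot: The added `if (n_inputs < 0) break;` makes every `%n` that follows the last counted conversion look written, but scanf may have stopped before reaching it, for instance on a literal mismatch or end of input between that conversion and the `%n`. In a tool that tracks initialization this can mark memory as written when it was not, which would hide a later uninitialized read rather than report it. The return value alone cannot tell these cases apart, so the behaviour is probably unavoidable, but it should be documented next to the check, for example `// %n after the last assigned item is assumed written; scanf may have stopped earlier, so this can over-report.` The rest of the loop body, including where the range for `argp` is reported, lies outside this hunk.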

Modified: compiler-rt/trunk/lib/sanitizer_common/tests/sanitizer_scanf_interceptor_test.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/tests/sanitizer_scanf_interceptor_test.cc?rev=188069&r1=188068&r2=188069&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/tests/sanitizer_scanf_interceptor_test.cc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/tests/sanitizer_scanf_interceptor_test.cc Fri Aug  9 07:58:35 2013
@@ -169,7 +169,7 @@ TEST(SanitizerCommonInterceptors, Scanf)
   testScanfPartial("%d%d%d%d //3\n", 3, 3, I, I, I);
   testScanfPartial("%d%d%d%d //4\n", 4, 4, I, I, I, I);
 
-  testScanfPartial("%d%n%n%d //1\n", 1, 1, I);
+  testScanfPartial("%d%n%n%d //1\n", 1, 3, I, I, I);
   testScanfPartial("%d%n%n%d //2\n", 2, 4, I, I, I, I);
 
   testScanfPartial("%d%n%n%d %s %s", 3, 5, I, I, I, I, scanf_buf_size);
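Review bot: None of the visible cases pins the other side of the new break, namely a `%n` placed after the conversion that exhausts the item count, which must not be reported. Going by the argument pattern of the neighbouring calls, something like `testScanfPartial("%d%d%n //1\n", 1, 1, I);` would cover that and guard against a later change that reports too many `%n` stores. The `TEST` body continues outside this hunk, so such a case may already exist elsewhere.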




