[PATCH] Sanitize printf functions
Yury Gribov
tetra2005 at gmail.com
Fri Jan 17 03:50:58 PST 2014
================
Comment at: lib/sanitizer_common/sanitizer_common_interceptors_scanf.inc:30
@@ +29,3 @@
+ p = parse_number(p, out);
+ if (*out <= 0)
+ return 0;
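Review bot: the `if (*out <= 0) return 0;` rejection encodes a scanf-only rule (a scanf width must be non-zero) inside a number-parsing helper that printf also uses, and printf width and precision may legitimately be zero. Move the check into scanf_parse_next, as the discussion below concludes, and add a one-line comment there naming the scanf rule so the next reader does not have to rediscover it.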
----------------
Yury Gribov wrote:
> Alexey Samsonov wrote:
> > Evgeniy Stepanov wrote:
> > > Yury Gribov wrote:
> > > > Alexey Samsonov wrote:
> > > > > Please clarify in function name or comment why "0" or "-0" are unexpected.
> > > > This is Evgeniy's code so I have no idea.
> > > Could it be different for printf vs scanf?
> > See above
> Closer study of scanf/printf spec reveals that width/precision are unsigned both for printf and scanf. But printf may have '-' or '+' flag in front of width.
>
> Anyway I don't know why you check for <= 0 here.
Ok, I got it: scanf is only allowed to have a non-zero width so this check needs to be moved to scanf_parse_next. All these syntax peculiarities are going to drive me crazy.
http://llvm-reviews.chandlerc.com/D2480
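As an added illustration, not code from this review or from compiler-rt, the following small C parser keeps the non-zero-width rule in the scanf path only and lets printf accept a zero width and a zero precision, which is the distinction the thread settles on. The parse_number signature, the flag handling and the wrapper names are assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>

/* Parse a run of decimal digits at p into *out and return the first non-digit,
 * or NULL if p does not start with a digit. Same shape as the parse_number
 * helper under review (its exact signature is assumed here). */
static const char *parse_number(const char *p, int *out) {
  if (!isdigit((unsigned char)*p)) return NULL;
  int v = 0;
  while (isdigit((unsigned char)*p)) v = v * 10 + (*p++ - '0');
  *out = v;
  return p;
}
/* scanf directive body (text after '%'): optional '*' (assignment suppression)
 * then an optional width, which must be non-zero. This is the place for the
 * "<= 0" rejection; *width stays 0 when no width is written. */
static const char *scanf_parse_width(const char *p, int *width) {
  *width = 0;
  if (*p == '*') p++;
  if (isdigit((unsigned char)*p)) {
    p = parse_number(p, width);
    if (*width <= 0) return NULL; /* "%0s" is not a valid scanf directive */
  }
  return p;
}
/* printf directive body: flags first ('-', '+', ' ', '#', '0'), then an optional
 * width, then an optional '.' precision. Zero is never an error here: a leading
 * '0' is the zero-padding flag, and ".0" or a bare "." mean precision 0.
 * *precision is -1 when absent; the '*' argument forms are not handled. */
static const char *printf_parse_width(const char *p, int *width, int *precision) {
  *width = 0;
  *precision = -1;
  while (*p == '-' || *p == '+' || *p == ' ' || *p == '#' || *p == '0') p++;
  if (isdigit((unsigned char)*p)) p = parse_number(p, width);
  if (*p == '.') {
    p++;
    *precision = 0;
    if (isdigit((unsigned char)*p)) p = parse_number(p, precision);
  }
  return p;
}
/* Wrappers for checking: scanf width, or -1 when the directive is rejected;
 * printf width and precision (precision -1 when absent). */
int scanf_width_of(const char *s) { int w; return scanf_parse_width(s, &w) ? w : -1; }
int printf_width_of(const char *s) { int w, pr; printf_parse_width(s, &w, &pr); return w; }
int printf_precision_of(const char *s) { int w, pr; printf_parse_width(s, &w, &pr); return pr; }
```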
More information about the llvm-commits mailing list