This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/13389] New: scanf "%0s"
- From: "1123monkey at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Sun, 06 Nov 2011 02:57:43 +0000
- Subject: [Bug libc/13389] New: scanf "%0s"
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=13389
Bug #: 13389
Summary: scanf "%0s"
Product: glibc
Version: 2.11
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: 1123monkey@gmail.com
Classification: Unclassified
I've read the manual of scanf; it says:

    Reading of characters stops either when this maximum is reached or when a
    nonmatching character is found, whichever happens first. ...... String input
    conversions store a null terminator ('\0') to mark the end of the input; the
    maximum field width does not include this terminator.

So, in the source below:

    char c;
    char *p = &c;
    scanf("%0s", p);

The maximum is immediately reached, so scanf should read nothing, then fill c with
\0.
But scanf indeed works just as if the format were "%s", and it messes up the stack.
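A defensive pattern for the case in the report above, added here as an example; it is not code from the reporter or from glibc. ISO C defines the scanf field width as a decimal integer greater than zero, so a width of 0 is outside what the standard specifies. The hypothetical helper `read_token` derives the width from the buffer size and never passes 0 to scanf. It uses `sscanf` on constructed input so that it runs offline.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not glibc code): read one whitespace-delimited
 * token from `input` into `buf` of `bufsize` bytes without overflow.
 * Returns 1 if a token was stored, 0 if none, -1 on bad arguments. */
int read_token(const char *input, char *buf, size_t bufsize)
{
    char fmt[32];

    if (input == NULL || buf == NULL || bufsize == 0)
        return -1;

    /* Always leave a valid empty string behind, even on failure. */
    buf[0] = '\0';

    /* A 1-byte buffer only has room for the terminator. The matching
     * width would be 0, which must never reach scanf, so stop here. */
    if (bufsize == 1)
        return 0;

    /* The width counts stored characters and excludes the terminator,
     * so the largest safe width is bufsize - 1. */
    int n = snprintf(fmt, sizeof fmt, "%%%zus", bufsize - 1);
    if (n < 0 || (size_t)n >= sizeof fmt)
        return -1;

    return sscanf(input, fmt, buf) == 1 ? 1 : 0;
}

int main(void)
{
    char one;        /* the 1-byte target from the report */
    char small[4];

    /* Constructed sample input, longer than either buffer. */
    printf("%d\n", read_token("overflow-me", &one, sizeof one));
    printf("%d \"%s\"\n",
           read_token("overflow-me", small, sizeof small), small);
    return 0;
}
```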