diff options
author | Andreas Schwab <schwab@suse.de> | 2013-01-14 17:32:20 +0100 |
---|---|---|
committer | Andreas Schwab <schwab@suse.de> | 2013-04-11 10:24:37 +0200 |
commit | 6ecec3b616aeaf121c68c1053cd17fdcf0cdb5a2 (patch) | |
tree | f6e388cdb8eff711e7f0af5af0cf77cff1404b70 /stdio-common/vfscanf.c | |
parent | Fix invalid free of memory allocated during rtld init (diff) | |
download | glibc-6ecec3b616aeaf121c68c1053cd17fdcf0cdb5a2.tar.gz glibc-6ecec3b616aeaf121c68c1053cd17fdcf0cdb5a2.tar.bz2 glibc-6ecec3b616aeaf121c68c1053cd17fdcf0cdb5a2.zip |
Don't accept exp char without preceding digits in scanf float parsing
Diffstat (limited to 'stdio-common/vfscanf.c')
-rw-r--r-- | stdio-common/vfscanf.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c index 9b5c4a9c88..82f7eee192 100644 --- a/stdio-common/vfscanf.c +++ b/stdio-common/vfscanf.c @@ -222,7 +222,7 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr, /* Errno of last failed inchar call. */ int inchar_errno = 0; /* Status for reading F-P nums. */ - char got_dot, got_e, negative; + char got_digit, got_dot, got_e, negative; /* If a [...] is a [^...]. */ CHAR_T not_in; #define exp_char not_in @@ -1845,7 +1845,7 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr, if (__builtin_expect (c == EOF, 0)) input_error (); - got_dot = got_e = 0; + got_digit = got_dot = got_e = 0; /* Check for a sign. */ if (c == L_('-') || c == L_('+')) @@ -1971,13 +1971,19 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr, while (1) { if (ISDIGIT (c)) - ADDW (c); + { + ADDW (c); + got_digit = 1; + } else if (!got_e && (flags & HEXA_FLOAT) && ISXDIGIT (c)) - ADDW (c); + { + ADDW (c); + got_digit = 1; + } else if (got_e && wp[wpsize - 1] == exp_char && (c == L_('-') || c == L_('+'))) ADDW (c); - else if (wpsize > 0 && !got_e + else if (got_digit && !got_e && (CHAR_T) TOLOWER (c) == exp_char) { ADDW (exp_char); |