RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-14 09:14:58 +00:00
Code Issues Activity Actions

LibC: Fix %n conversion specifier in scanf() format

Browse source 
Also add a test to prevent this from happening again. There were two
bugs:

* The number of bytes just after processing the last value was written,
  instead of the number of bytes after skipping remaining whitespace.
  Confirmed by testing against GNU's `scanf()` since the man page
  leaves something to be desired.

* The number of bytes was written to the wrong variable argument; i.e.
  the first argument was overwritten.
This commit is contained in:
Jelle Raaijmakers 2021-10-25 00:23:49 +02:00 committed by Brian Gianforcaro
parent 00f36fc5ae
commit a44978b9b0
2 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Userland/Libraries/LibC/scanf.cpp
View file

@ -611,8 +611,9 @@ extern "C" int vsscanf(const char* input, const char* format, va_list ap)
++elements_matched;
break;
case ConversionSpecifier::OutputNumberOfBytes: {
input_lexer.ignore_while(isspace);
if (!suppress_assignment) {
auto* ptr = va_arg(ap, int*);
auto* ptr = va_arg(copy, int*);
*ptr = input_lexer.tell();
}
break;