On 5/23/20 12:06 AM, Richard W.M. Jones via Libc-alpha wrote:
> We can only do this safely where we can prove that overflow does not
> matter.
Yes, this is exactly the sort of usage that I had in mind. In the following
example, which is the first use of *scanf I saw, if scanf never allowed integer
overflow (that is, it scanned only as much of a number as would fit), this
code would output an error message instead of blithely going on with an
overflowed number, and this would be safer than the code's current behavior.
  /* "%n" stores how many bytes were consumed in n; the return value of 1
     only says that one conversion (SCNi64) matched, not that it fit. */
  if (sscanf (&value[i], "*%" SCNi64 "%n", &k, &n) == 1) {
    if (k < 0) {
      nbdkit_error ("data parameter *N must be >= 0");
      return -1;
    }
    ...
  } else {
    nbdkit_error ("')' in data string not followed by '*'");
    return -1;
  }
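As an added example (not code from nbdkit or from this thread), here is what the "refuse numbers that do not fit" behaviour looks like when done by hand: parse_star_count mirrors the "*%" SCNi64 "%n" conversion (base auto-detected like %i, count of consumed bytes returned) but reports overflow instead of storing a wrapped or clamped value. The function and the STAR_* codes are hypothetical names chosen for this example.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Result codes for parse_star_count (hypothetical helper, not nbdkit code). */
enum { STAR_OK = 1, STAR_NO_MATCH = 0, STAR_OVERFLOW = -1 };

/* Parse "*<number>" the way sscanf ("*%" SCNi64 "%n") does (base chosen as
   for %i: 0x.. hex, 0.. octal, otherwise decimal), but refuse any value that
   does not fit in int64_t instead of going on with a wrong one.
   On STAR_OK, *k holds the value and *n the number of bytes consumed. */
int parse_star_count (const char *s, int64_t *k, int *n)
{
  if (s[0] != '*')
    return STAR_NO_MATCH;

  char *end;
  errno = 0;
  intmax_t v = strtoimax (s + 1, &end, 0);   /* base 0 mirrors %i */
  if (end == s + 1)
    return STAR_NO_MATCH;                     /* no digits after '*' */
  if (errno == ERANGE || v < INT64_MIN || v > INT64_MAX)
    return STAR_OVERFLOW;                     /* would not fit: refuse it */

  *k = (int64_t) v;
  *n = (int) (end - s);
  return STAR_OK;
}

/* The idiom from the thread, for comparison: sscanf reports one successful
   conversion even when the digits overflow int64_t; what is stored in *k is
   then not specified by the C standard (glibc clamps, other libcs may wrap). */
int scan_star_count_sscanf (const char *s, int64_t *k, int *n)
{
  return sscanf (s, "*%" SCNi64 "%n", k, n);
}

int main (void)
{
  int64_t k = 0;
  int n = 0;
  const char *too_big = "*99999999999999999999";   /* constructed input */
  printf ("sscanf matched=%d\n", scan_star_count_sscanf (too_big, &k, &n));
  printf ("parse_star_count rc=%d (-1 = overflow refused)\n",
          parse_star_count (too_big, &k, &n));
  return 0;
}
```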