On Sat, May 23, 2020 at 12:45:01PM -0400, Rich Felker wrote:
I don't follow. *Any* use of scanf on untrusted input is "vulnerable
to the integer-overflow issue" in the sense that overflow is UB. This
is not something subtle.
{,s}scanf is a useful, natural way to parse strings, and strto* is a
horrible interface with many bear traps. It seems to me scanf could
be changed to make it safe for overflow, simply by stopping parsing at
the point where the overflow occurs and returning a short count (or
the various other ideas suggested already in this thread).
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
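Added example, not part of the original message or of any libc: the checks a caller has to wrap around strtol to parse an int from untrusted input, which illustrates the strto* pitfalls the reply refers to and gives defined behaviour on overflow. The helper name parse_int_strict and the sample inputs in main are assumptions made for this illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: parse the whole string as a decimal int.
 * Returns 0 and stores the value on success, -1 on any rejection. */
int parse_int_strict(const char *s, int *out)
{
    char *end;
    long v;

    /* Pitfall 1: strtol silently skips leading whitespace. */
    if (s == NULL || isspace((unsigned char)s[0]))
        return -1;

    /* Pitfall 2: errno is only written on failure, so clear it first. */
    errno = 0;
    v = strtol(s, &end, 10);

    /* Pitfall 3: no digits ("", "abc", "-") yields 0 with end == s. */
    if (end == s)
        return -1;
    /* Pitfall 4: trailing junk ("12abc") parses unless end is checked. */
    if (*end != '\0')
        return -1;
    /* Pitfall 5: out-of-range input clamps to LONG_MIN/LONG_MAX. */
    if (errno == ERANGE)
        return -1;
    /* Pitfall 6: long may be wider than int, so check before narrowing. */
    if (v < INT_MIN || v > INT_MAX)
        return -1;

    *out = (int)v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, including overflowing ones. */
    const char *in[] = { "42", "-7", "", " 42", "12abc",
                         "2147483648", "99999999999999999999999" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++) {
        int v = 0;
        int rc = parse_int_strict(in[i], &v);
        printf("\"%s\" -> %s (%d)\n", in[i], rc ? "rejected" : "ok", v);
    }
    return 0;
}
```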