stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)

Patterns like %*[ can safely be used to match a great many characters,
and it's quite realisitic to use them for more than INT_MAX characters
from an IO stream.

With the previous approach, after INT_MAX characters (v)fscanf would
return successfully, indicating an end to the match, even though there
wasn't one.

diff --git a/stdio-common/vfscanf-internal.c b/stdio-common/vfscanf-internal.c
index 38e74776a5bb5171ef5d30eca1525f093e129c5f..1d81e16f4ed3c45fe75b6cf50f669ab85595c70d 100644 (file)
--- a/stdio-common/vfscanf-internal.c
+++ b/stdio-common/vfscanf-internal.c
@@ -2479,11 +2479,6 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
          else
            not_in = 0;
 
-         if (width < 0)
-           /* There is no width given so there is also no limit on the
-              number of characters we read.  Therefore we set width to
-              a very high value to make the algorithm easier.  */
-           width = INT_MAX;
 
 #ifdef COMPILE_WSCANF
          /* Find the beginning and the end of the scanlist.  We are not
@@ -2647,7 +2642,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
                        }
                    }
                }
-             while (--width > 0 && inchar () != WEOF);
+             while ((width < 0 || --width > 0) && inchar () != WEOF);
            out:
 #else
              char buf[MB_LEN_MAX];
@@ -2732,7 +2727,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
                        }
                    }
 
-                 if (--width <= 0)
+                 if (width >= 0 && --width <= 0)
                    break;
                }
              while (inchar () != EOF);
@@ -2884,7 +2879,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
                  assert (n <= MB_LEN_MAX);
                  str += n;
                }
-             while (--width > 0 && inchar () != WEOF);
+             while ((width < 0 || --width > 0) && inchar () != WEOF);
            out2:
 #else
              do
@@ -2938,7 +2933,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,
                        }
                    }
                }
-             while (--width > 0 && inchar () != EOF);
+             while ((width < 0 || --width > 0) && inchar () != EOF);
 #endif
 
              if (__glibc_unlikely (now == read_in))