From 03669b630e0e013db783eb897363e3ae9f18fd11 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 4 Dec 2024 13:45:21 +0100
Subject: [PATCH] tool_urlglob: parse character globbing range without sscanf

A step towards a future without sscanf() calls.

Closes #15682
---
 src/tool_urlglob.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index 2f339a2b93..0fb8004f6b 100644
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -191,7 +191,6 @@ static CURLcode glob_range(struct URLGlob *glob, char **patternp,
      expression is checked for well-formedness and collected until the next ']'
   */
   struct URLPattern *pat;
-  int rc;
   char *pattern = *patternp;
   char *c;
 
@@ -200,16 +199,20 @@ static CURLcode glob_range(struct URLGlob *glob, char **patternp,
 
   if(ISALPHA(*pattern)) {
     /* character range detected */
-    char min_c;
-    char max_c;
-    char end_c;
+    bool pmatch = FALSE;
+    char min_c = 0;
+    char max_c = 0;
+    char end_c = 0;
     unsigned long step = 1;
 
     pat->type = UPTCharRange;
 
-    rc = sscanf(pattern, "%c-%c%c", &min_c, &max_c, &end_c);
+    if((pattern[1] == '-') && pattern[2] && pattern[3]) {
+      min_c = pattern[0];
+      max_c = pattern[2];
+      end_c = pattern[3];
+      pmatch = TRUE;
 
-    if(rc == 3) {
       if(end_c == ':') {
         char *endp;
         errno = 0;
@@ -221,7 +224,7 @@ static CURLcode glob_range(struct URLGlob *glob, char **patternp,
       }
       else if(end_c != ']')
         /* then this is wrong */
-        rc = 0;
+        pmatch = FALSE;
       else
         /* end_c == ']' */
         pattern += 4;
@@ -229,7 +232,7 @@ static CURLcode glob_range(struct URLGlob *glob, char **patternp,
 
     *posp += (pattern - *patternp);
 
-    if(rc != 3 || !step || step > (unsigned)INT_MAX ||
+    if(!pmatch || !step || step > (unsigned)INT_MAX ||
        (min_c == max_c && step != 1) ||
        (min_c != max_c && (min_c > max_c || step > (unsigned)(max_c - min_c) ||
                            (max_c - min_c) > ('z' - 'a'))))
-- 
2.47.3