Rich, on Mon, 29 May 2023 11:59:29 -0400 you (Rich Felker ) wrote: > On Mon, May 29, 2023 at 12:32:02PM +0200, Jₑₙₛ Gustedt wrote: > > Hi, > > we already discussed this but it doesn't seem that we have come to a > > conclusion. > > > > The problem is that for C23 semantics of several string to integer > > conversion functions change: a 'b' or 'B' that previously was the > > stop condition for integer parsing may become part of the integer > > string. This concerns all `scanf` and `strto` derivatives. > > > > This is probably not a problem for most applications that parse > > strings to integers, but it could be in some situations, and in > > particular it could open vulnerabilities. E.g network addresses that > > are read with base `0` (musl does this at some point to allow to > > have decimal or hex strings) could be open to attacks, once people > > start using binary encodings for integers more often. Another > > scenario where this could lead to harm is automatically produced > > output that is automatically scanned, and where nobody previously > > took care of proper word boundaries. > > > > My current idea is to have two sets of these functions, one that has > > the old semantics and one that has the new. > > This was rejected already in the first proposal (thread here): > > Message-ID: <20230503000045.GU4163@brightrain.aerifal.cx> > https://www.openwall.com/lists/musl/2023/05/03/1 > > "There are not going to be different versions of scanf/strto* > because there's just no way to do that in a conforming way..." Alright, saves me a lot of trouble. I'll forward all complaints by users to you ;-) Jₑₙₛ -- :: ICube :::::::::::::::::::::::::::::: deputy director :: :: Université de Strasbourg :::::::::::::::::::::: ICPS :: :: INRIA Nancy Grand Est :::::::::::::::::::::::: Camus :: :: :::::::::::::::::::::::::::::::::::: ☎ +33 368854536 :: :: https://icube-icps.unistra.fr/index.php/Jens_Gustedt ::