Original bug ID: 4321
Reporter: till
Assigned to: @pierreweis
Status: closed (set by @damiendoligez on 2008-09-10T15:35:23Z)
Resolution: fixed
Priority: normal
Severity: crash
Version: 3.10.0
Fixed in version: 3.11+dev
Category: ~DO NOT USE (was: OCaml general)
Related to: #3992
Monitored by: jm @mmottl
According to its documentation, the Scanf module is not supposed to accept any positional parameter specification in the format strings. So, raising an exception is the correct and expected behaviour.
Indeed, the static type-checker also rejects positional parameters, as exemplified here:
```
format_of_string "%1$s";;
Bad conversion %$, at char number 0 in format string ``%1$s''
```
Despite those checks, your example leads to the production of a format string value with positional parameters in it, bypassing the typechecker checks and the Scanf checks! This is due to a bug in the function that performs the dynamic type-checking verification for format strings, which I will correct very soon.
Bug description
doesn't raise any exception while:
raises one....
Additional information
I consider this bug to be critical since it can be exploited in some application to cause ocaml to segfault, for instance, in i18n it is frequent to get format strings from separate files...
consider:
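```ocaml
(* Read a format string embedded in the input and hand it to Printf. *)
let f s = Scanf.sscanf s "Toto %{%c %s%}" (fun f -> Printf.printf f 'x' "123");;
(* The embedded format uses positional parameters and swaps the argument types. *)
let _ = f "Toto \"%2$c=%1$s\"";;
```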
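
For the i18n case raised in this report, a loader can refuse any externally supplied template that contains a positional specification or that does not type-check against the format the call site expects. The sketch below is an added example, not code from the report or from the OCaml distribution; `has_positional` and `checked_format` are hypothetical names, the sample templates are constructed, and the explicit `$` check is an extra guard that does not rely on the standard library's own dynamic check.

```ocaml
(* Added example. has_positional and checked_format are hypothetical names. *)

(* True if s contains a positional specification such as "%2$c". *)
let has_positional s =
  let n = String.length s in
  let is_digit c = c >= '0' && c <= '9' in
  let rec digits i = if i < n && is_digit s.[i] then digits (i + 1) else i in
  let rec scan i =
    if i >= n - 1 then false
    else if s.[i] <> '%' then scan (i + 1)
    else if s.[i + 1] = '%' then scan (i + 2) (* literal "%%" *)
    else
      let j = digits (i + 1) in
      (j > i + 1 && j < n && s.[j] = '$') || scan (i + 1)
  in
  scan 0

(* Convert an untrusted template into a typed format, or refuse it.
   The literal "%c %s" fixes the expected type: one char, then one string. *)
let checked_format (untrusted : string)
    : (char -> string -> string, unit, string) format option =
  if has_positional untrusted then None
  else
    try Some (Scanf.format_from_string untrusted "%c %s")
    with Scanf.Scan_failure _ | Failure _ | End_of_file -> None

let () =
  (* Constructed sample templates, as might be read from a translation file. *)
  List.iter
    (fun t ->
      match checked_format t with
      | Some fmt -> print_endline (Printf.sprintf fmt 'x' "123")
      | None -> Printf.printf "rejected: %S\n" t)
    [ "%c=%s"; "%2$c=%1$s"; "%s %d" ]
```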