Red Hat Bugzilla – Bug 53940
scanf(3) doesn't seem to handle %n properly
Last modified: 2016-11-24 09:47:37 EST
From Bugzilla Helper: User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.2.19 i686) Description of problem: If scanf() reads no symbols, it ignores %n Version-Release number of selected component (if applicable): all versions. How reproducible: Always Steps to Reproduce: 1. Compile the test program (attached) 2. run it Actual Results: 10 3 Expected Results: 0 3 Additional info: Not shure that it is a bug, but I have one program that crashes due to this strange behavior.
Created attachment 32418 [details] simple test program for scanf()
It is a bug, but not in glibc, but in the program you have. In first sscanf, you get matching failure already before the %n directive, so it is not assigned. See e.g. ISO C99, or http://www.opengroup.org/onlinepubs/007908799/xsh/fscanf.html You really have to check *scanf return value first before assuming which arguments were assigned to.