From 2d4546f274ac4db609ea8db4d5296c92a78224a3 Mon Sep 17 00:00:00 2001
From: JustAnotherArchivist
Date: Tue, 7 Feb 2023 20:16:20 +0000
Subject: [PATCH] Fix errors on sscanf %n takes a signed int so is incompatible with size_t; further, sscanf could in theory return a negative value (EOF).
---
 http-response-bodies.c | 14 +++++++++++---
 warc-dump-responses.c | 8 ++++++--
 2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/http-response-bodies.c b/http-response-bodies.c
index 10c781e..277995e 100644
--- a/http-response-bodies.c
+++ b/http-response-bodies.c
@@ -34,7 +34,7 @@ int main(int argc, char* argv[]) {
 char* m0;
 char* m1;
 char* eoh;
- size_t nscan;
+ long int nscan;
 size_t bytes_read;
 size_t length;
 bool html_fake_base = false;
@@ -129,10 +129,14 @@ checkstate:
 }
 m0 += 17;
 while (m0 < bufp + n && (*m0 == ' ' || *m0 == '\t')) ++m0;
- if (!sscanf(m0, "%zu%n", &length, &nscan)) {
+ if (sscanf(m0, "%zu%ln", &length, &nscan) <= 0) {
 fprintf(stderr, "Error: invalid Content-Length\n");
 return 1;
 }
+ if (nscan < 0) {
+ fprintf(stderr, "Error: negative nscan\n");
+ return 1;
+ }
 if (nscan > n - (m0 - bufp)) {
 fprintf(stderr, "Error: buffer overread\n");
 return 1;
@@ -250,10 +254,14 @@ checkstate:
 }
 m0 = bufp;
 while (m0 < bufp + n && (*m0 == ' ' || *m0 == '\t')) ++m0;
- if (!sscanf(m0, "%x%n", &length, &nscan)) {
+ if (sscanf(m0, "%zx%ln", &length, &nscan) <= 0) {
 fprintf(stderr, "Error: invalid chunk length\n");
 return 1;
 }
+ if (nscan < 0) {
+ fprintf(stderr, "Error: negative nscan\n");
+ return 1;
+ }
 if (nscan > n - (m0 - bufp)) {
 fprintf(stderr, "Error: buffer overread\n");
 return 1;
diff --git a/warc-dump-responses.c b/warc-dump-responses.c
index 7cec4f2..7649972 100644
--- a/warc-dump-responses.c
+++ b/warc-dump-responses.c
@@ -34,7 +34,7 @@ int main(int argc, char* argv[]) {
 char* eoh;
 size_t record_bytes_read;
 size_t record_length;
- size_t nscan;
+ long int nscan;
 bool meta = false;
 if (argc == 2 && strcmp(argv[1], "--meta") == 0) {
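Review bot: In http-response-bodies.c at `@@ -129`, the rewritten `sscanf(m0, "%zu%ln", &length, &nscan)` still parses the Content-Length value more leniently than the header allows: `%zu` skips leading whitespace including CR and LF, accepts a sign (a value such as `-1` is typically stored as a very large size_t), and has undefined behaviour when the number does not fit in size_t. A guard before the call, `if (m0 >= bufp + n || *m0 < '0' || *m0 > '9')` followed by the existing invalid Content-Length error, rejects the first two cases; catching overflow needs `strtoull` with an `errno == ERANGE` check in place of sscanf. The same applies to the `%zx` chunk-length call at `@@ -250`, which also accepts a `0x` prefix, and to the Content-Length call in warc-dump-responses.c. main's body starts and ends outside these hunks.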
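Review bot: In http-response-bodies.c at `@@ -250`, the `nscan > n - (m0 - bufp)` test that follows the new block can only report an overread after sscanf has already done the reading, because sscanf scans from m0 until it meets a NUL or a non-matching character. If the whitespace loop ends with `m0 == bufp + n`, the call starts at bufp[n], and nothing in the hunk shows that this byte is a terminator; the buffer setup is in the part of main outside the hunk, so this needs confirming there. If the buffer is not guaranteed to be NUL-terminated at index n, add `if (m0 >= bufp + n) { fprintf(stderr, "Error: invalid chunk length\n"); return 1; }` before the call and make sure a terminator is written before scanning. The Content-Length hunk at `@@ -129` and the one in warc-dump-responses.c have the same shape.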
@@ -80,10 +80,14 @@ checkstate:
 }
 m0 += 17;
 while (m0 < bufp + n && (*m0 == ' ' || *m0 == '\t')) ++m0;
- if (!sscanf(m0, "%zu%n", &record_length, &nscan)) {
+ if (sscanf(m0, "%zu%ln", &record_length, &nscan) <= 0) {
 fprintf(stderr, "Error: invalid Content-Length\n");
 return 1;
 }
+ if (nscan < 0) {
+ fprintf(stderr, "Error: negative nscan\n");
+ return 1;
+ }
 if (nscan > n - (m0 - bufp)) {
 fprintf(stderr, "Error: buffer overread\n");
 return 1;
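Review bot: In warc-dump-responses.c the added `if (nscan < 0)` block has no comment explaining why it exists, and its message `Error: negative nscan` names an internal variable rather than the problem with the input. `%n` stores a count of characters consumed, so after a successful conversion the branch should never be taken; it appears to be there so that the following comparison with `n - (m0 - bufp)` is not evaluated with a negative value converted to unsigned (n's type is declared outside the hunk, so this is inferred). A comment such as `/* %n is a count and should never be negative; guard before the mixed-sign comparison below */` would record that. The identical blocks in both http-response-bodies.c hunks would take the same comment.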