From owner-cvs-src@FreeBSD.ORG  Sat Oct 25 23:07:02 2003
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id B8CD016A4B3; Sat, 25 Oct 2003 23:07:02 -0700 (PDT)
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id A350843F93; Sat, 25 Oct 2003 23:07:00 -0700 (PDT)
	(envelope-from bde@zeta.org.au)
Received: from gamplex.bde.org (katana.zip.com.au [61.8.7.246])
	by mailman.zeta.org.au (8.9.3p2/8.8.7) with ESMTP id RAA17284;
	Sun, 26 Oct 2003 17:06:57 +1100
Date: Sun, 26 Oct 2003 17:06:57 +1100 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender: bde@gamplex.bde.org
To: Peter Wemm <peter@FreeBSD.org>
In-Reply-To: <200310260436.h9Q4al4O016287@repoman.freebsd.org>
Message-ID: <20031026164153.B17272@gamplex.bde.org>
References: <200310260436.h9Q4al4O016287@repoman.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: cvs-src@FreeBSD.org
cc: src-committers@FreeBSD.org
cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sbin/ifconfig ifconfig.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Oct 2003 06:07:02 -0000

On Sat, 25 Oct 2003, Peter Wemm wrote:

> peter       2003/10/25 21:36:47 PDT
>
>   FreeBSD src repository
>
>   Modified files:
>     sbin/ifconfig        ifconfig.c
>   Log:
>   Give wider types to sscanf to fix two warnings (u_short cannot be > 0xffff)
>   and to make sure that we catch oversized arguments rather than silently
>   truncate them.  I dont know if sscanf will reject an integer if it will
>   not fit in the short return variable or not, but this way it should be
>   detected.

>From n869.txt concerning fscanf():

%%%
       condition   is   a   matching  failure.   Unless  assignment
       suppression  was  indicated  by  a  *,  the  result  of  the
       conversion  is  placed in the object pointed to by the first
       argument following the format argument that has not  already
       received  a conversion result.  If this object does not have
       an appropriate type, or if  the  result  of  the  conversion
			       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       cannot  be  represented  in  the  object,  the  behavior  is
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       undefined.
       ^^^^^^^^^
%%%

The other members of the scanf family and all members of the ato*()
family have the same behavior.  In other words, these functions are
as useful as gets(3) (their existence is a bug).  They can only be
used on data whose value (or length in the case of gets()) is known
to be small enough.  This makes them unusable for their most popular
use of parsing command line args.

The actual undefined behavior in FreeBSD's fscanf() is to blindly
assign unrepresntable values.  This normally results in errors being
silently ignored.

Bruce