From owner-freebsd-current Sun Jun 3 11:33:43 2001
Delivered-To: freebsd-current@freebsd.org
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by hub.freebsd.org (Postfix) with ESMTP id E62BE37B403; Sun, 3 Jun 2001 11:33:38 -0700 (PDT) (envelope-from bde@zeta.org.au)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102]) by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id EAA14731; Mon, 4 Jun 2001 04:33:36 +1000
Date: Mon, 4 Jun 2001 04:31:59 +1000 (EST)
From: Bruce Evans
X-Sender: bde@besplex.bde.org
To: sobomax@FreeBSD.ORG
Cc: current@FreeBSD.ORG, deischen@FreeBSD.ORG
Subject: Re: sscanf(3) is broken in 5-CURRENT [SIGBUS]
In-Reply-To: <200106021026.f52AQQo50360@mail.uic-in.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 2 Jun 2001, Maxim Sobolev wrote:

> It seems that something is wrong with sscanf(3) in -current - in
> some cases it may cause SIGBUS. I failed to reproduce the
> problem on 4-STABLE, so it is a -current specific bug. Attached
> please find a small showcase that exposes the bug in question
> and a backtrace after SIGBUS.
>
> Please fix.
>
> -Maxim
>
> #include <stdio.h>
> #include <stdlib.h>
>
> int
> main()
> {
>         float sub;
>
>         sscanf("59e", "%f", &sub);
>         exit(0);
> }
>
> (gdb) r
> Starting program: /tmp/bug/a.out
>
> Program received signal SIGBUS, Bus error.
> 0x280b3ad8 in __ungetc () from /usr/lib/libc.so.5
> (gdb) bt
> #0  0x280b3ad8 in __ungetc () from /usr/lib/libc.so.5
> #1  0x280b36b1 in __svfscanf () from /usr/lib/libc.so.5
> #2  0x280b25a3 in sscanf () from /usr/lib/libc.so.5
> #3  0x80484c0 in main () at bug.c:8
> #4  0x80483f5 in _start ()

This is because fp->_extra is not initialized by sscanf() (it is stack
garbage that happened to be 0 when I looked at it).
Bruce
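An added illustration of the path the backtrace shows, not part of the thread and not FreeBSD libc code: a toy sscanf() that builds a FILE-like object on the stack and runs a %f-style conversion over it. Every name in it (toy_file, toy_extra, toy_ungetc, toy_scan_float, toy_sscanf_float) is invented for the example. It cannot reproduce the SIGBUS, since that depends on an uninitialized pointer being dereferenced, but it shows why "59e" is the trigger (the 'e' is consumed as a possible exponent, no digits follow, so it has to be pushed back through the ungetc path) and where the fix sits: the stack object is fully initialized, including the pointer that the pushback routine follows.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOY_BUFSZ 128

/* Stands in for whatever hangs off fp->_extra in the report. */
struct toy_extra {
    int pushbacks;           /* how many bytes went through toy_ungetc() */
};

/* Minimal FILE-like object; toy_sscanf_float() builds one on the stack. */
struct toy_file {
    const char *p;           /* read cursor */
    const char *end;         /* one past the last byte of input */
    struct toy_extra *extra; /* plays the role of fp->_extra */
};

static int toy_peek(const struct toy_file *fp)
{
    return fp->p < fp->end ? (unsigned char)*fp->p : EOF;
}

/* Push one byte back. Like __ungetc() in the backtrace this follows the
 * pointer stored in the FILE; had that pointer been stack garbage, this
 * is the line that would fault. */
static int toy_ungetc(int c, struct toy_file *fp)
{
    fp->p--;
    fp->extra->pushbacks++;
    return c;
}

/* %f-style conversion: [sign] digits [. digits] [e [sign] digits].
 * An 'e' (optionally followed by a sign) that is not followed by at
 * least one digit is not part of the number and is pushed back, which
 * is exactly what "59e" provokes. Returns 1 on a conversion, 0 if the
 * input does not start with a number (everything consumed is pushed
 * back in that case too). */
static int toy_scan_float(struct toy_file *fp, float *out)
{
    char buf[TOY_BUFSZ];
    size_t n = 0, exp_start;
    int c, digits = 0, expdigits = 0;

    c = toy_peek(fp);
    if ((c == '+' || c == '-') && n < TOY_BUFSZ - 1) { buf[n++] = (char)c; fp->p++; }
    while ((c = toy_peek(fp)) >= '0' && c <= '9' && n < TOY_BUFSZ - 1) {
        buf[n++] = (char)c; fp->p++; digits++;
    }
    if (c == '.' && n < TOY_BUFSZ - 1) {
        buf[n++] = (char)c; fp->p++;
        while ((c = toy_peek(fp)) >= '0' && c <= '9' && n < TOY_BUFSZ - 1) {
            buf[n++] = (char)c; fp->p++; digits++;
        }
    }
    if (digits == 0) {                      /* no mantissa: matching failure */
        while (n > 0) toy_ungetc(buf[--n], fp);
        return 0;
    }
    if ((c == 'e' || c == 'E') && n < TOY_BUFSZ - 3) {
        exp_start = n;
        buf[n++] = (char)c; fp->p++;
        c = toy_peek(fp);
        if (c == '+' || c == '-') { buf[n++] = (char)c; fp->p++; }
        while ((c = toy_peek(fp)) >= '0' && c <= '9' && n < TOY_BUFSZ - 1) {
            buf[n++] = (char)c; fp->p++; expdigits++;
        }
        if (expdigits == 0)                 /* "59e" or "59e+": give the tail back */
            while (n > exp_start) toy_ungetc(buf[--n], fp);
    }
    buf[n] = '\0';
    *out = strtof(buf, NULL);
    return 1;
}

/* sscanf()-style wrapper. The point of the fix is visible here: the
 * stack FILE is initialized field by field, so the pointer that
 * toy_ungetc() follows is never stack garbage. *pushbacks reports how
 * many times the pushback path ran for this input. */
int toy_sscanf_float(const char *s, float *out, int *pushbacks)
{
    struct toy_extra st = { .pushbacks = 0 };
    struct toy_file f = { .p = s, .end = s + strlen(s), .extra = &st };
    int rc = toy_scan_float(&f, out);

    *pushbacks = st.pushbacks;
    return rc;
}

int main(void)
{
    /* constructed inputs: the report's trigger plus its neighbours */
    const char *inputs[] = { "59e", "59", "59e+", "59e2", "-.5", "abc" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        float v = 0; int pb = 0;
        int rc = toy_sscanf_float(inputs[i], &v, &pb);
        printf("%-5s -> rc=%d value=%g pushbacks=%d\n", inputs[i], rc, v, pb);
    }
    return 0;
}
```

With "59" the scan stops at end of input and nothing is pushed back, so the vulnerable path is never reached; "59e" pushes back one byte and "59e+" two, which is why the one-character change between "59" and "59e" is enough to reach __ungetc() on a FILE that sscanf() never finished initializing.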