Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 26 Oct 2003 17:06:57 +1100 (EST)
From:      Bruce Evans <bde@zeta.org.au>
To:        Peter Wemm <peter@FreeBSD.org>
Cc:        cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sbin/ifconfig ifconfig.c
Message-ID:  <20031026164153.B17272@gamplex.bde.org>
In-Reply-To: <200310260436.h9Q4al4O016287@repoman.freebsd.org>
References:  <200310260436.h9Q4al4O016287@repoman.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 25 Oct 2003, Peter Wemm wrote:

> peter       2003/10/25 21:36:47 PDT
>
>   FreeBSD src repository
>
>   Modified files:
>     sbin/ifconfig        ifconfig.c
>   Log:
>   Give wider types to sscanf to fix two warnings (u_short cannot be > 0xffff)
>   and to make sure that we catch oversized arguments rather than silently
>   truncate them.  I dont know if sscanf will reject an integer if it will
>   not fit in the short return variable or not, but this way it should be
>   detected.

>From n869.txt concerning fscanf():

%%%
       condition   is   a   matching  failure.   Unless  assignment
       suppression  was  indicated  by  a  *,  the  result  of  the
       conversion  is  placed in the object pointed to by the first
       argument following the format argument that has not  already
       received  a conversion result.  If this object does not have
       an appropriate type, or if  the  result  of  the  conversion
			       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       cannot  be  represented  in  the  object,  the  behavior  is
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       undefined.
       ^^^^^^^^^
%%%

The other members of the scanf family and all members of the ato*()
family have the same behavior.  In other words, these functions are
as useful as gets(3) (their existence is a bug).  They can only be
used on data whose value (or length in the case of gets()) is known
to be small enough.  This makes them unusable for their most popular
use of parsing command line args.

The actual undefined behavior in FreeBSD's fscanf() is to blindly
assign unrepresntable values.  This normally results in errors being
silently ignored.

Bruce



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031026164153.B17272>