Date: Wed, 29 Dec 2004 23:20:31 GMT
From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/75638: sscanf %lld broken on 4.x
Message-ID: <200412292320.iBTNKVRe027015@freefall.freebsd.org>
The following reply was made to PR bin/75638; it has been noted by GNATS.

From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
To: freebsd-gnats-submit@FreeBSD.org
Cc:
Subject: Re: bin/75638: sscanf %lld broken on 4.x
Date: Thu, 30 Dec 2004 00:16:34 +0100

> sscanf(s, "%lld", &l) will not set l to valid value if l was previously
> not zero.

well, not exactly non-zero. the problem occurs when l is initialized with
value greater than 0xffffffff:

lagoon:venglin:~> cat test.c
#include <stdio.h>

int main(void) {
        //long long value = 0x100000000L;
        long long value = 0xffffffff;
        char *s = "10";

        fprintf(stderr, "%lld %s\n", value, s);
        sscanf(s, "%lld", &value);
        fprintf(stderr, "%lld %s\n", value, s);
}
lagoon:venglin:~> cc -o test test.c
lagoon:venglin:~> ./test
4294967295 10
10 10

lagoon:venglin:~> cat test.c
#include <stdio.h>

int main(void) {
        long long value = 0x100000000L;
        //long long value = 0xffffffff;
        char *s = "10";

        fprintf(stderr, "%lld %s\n", value, s);
        sscanf(s, "%lld", &value);
        fprintf(stderr, "%lld %s\n", value, s);
}
lagoon:venglin:~> cc -o test test.c
lagoon:venglin:~> ./test
4294967296 10
4294967306 10

it looks like classical unsigned integer overflow, which could have some
yet unknown security implications.

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NICHDL: PMF9-RIPE *
* JID: venglin@jabber.atman.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV *
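Added example, not part of the original message or of the FreeBSD source: a C self-check for the symptom reported above. It pre-fills the destination with constructed patterns whose upper 32 bits are set (as in the second run) and verifies that sscanf "%lld" replaces the whole value, and it includes a strtoll-based parser that does not depend on sscanf. The names sscanf_lld_stores_full_width and parse_ll are hypothetical, and strtoll is assumed to be available (C99).

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns 1 if sscanf("%lld") overwrites the whole 64-bit destination for
 * every constructed pre-fill pattern, 0 if any stale bits survive. */
int sscanf_lld_stores_full_width(void)
{
    /* Constructed sentinels; 0x100000000 is the value from the report. */
    static const long long prefill[] = {
        0LL, 0x100000000LL, -1LL, 0x7fffffff00000000LL, LLONG_MIN
    };
    static const struct { const char *text; long long want; } cases[] = {
        { "10", 10LL }, { "-10", -10LL }, { "4294967306", 4294967306LL }
    };
    size_t i, j;
    for (i = 0; i < sizeof prefill / sizeof prefill[0]; i++) {
        for (j = 0; j < sizeof cases / sizeof cases[0]; j++) {
            long long v = prefill[i];
            if (sscanf(cases[j].text, "%lld", &v) != 1 || v != cases[j].want)
                return 0;
        }
    }
    return 1;
}

/* Parse a decimal long long without sscanf. Returns 0 on success, -1 on
 * empty input, trailing garbage or overflow; *out is written only on success. */
int parse_ll(const char *s, long long *out)
{
    char *end;
    long long v;
    errno = 0;
    v = strtoll(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return -1;
    *out = v;
    return 0;
}

int main(void)
{
    long long v = 0x100000000LL;   /* same starting value as the report */
    printf("sscanf %%lld: %s\n", sscanf_lld_stores_full_width() ? "ok" : "BROKEN");
    if (parse_ll("10", &v) == 0)
        printf("parse_ll: %lld\n", v);
    return 0;
}
```

On a libc showing the reported behaviour the first function is expected to return 0, which makes it usable as a startup or build-time guard.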