bin/75638: sscanf %lld broken on 4.x
Przemyslaw Frasunek
venglin at freebsd.lublin.pl
Wed Dec 29 15:20:31 PST 2004
The following reply was made to PR bin/75638; it has been noted by GNATS.
From: Przemyslaw Frasunek <venglin at freebsd.lublin.pl>
To: freebsd-gnats-submit at FreeBSD.org
Cc:
Subject: Re: bin/75638: sscanf %lld broken on 4.x
Date: Thu, 30 Dec 2004 00:16:34 +0100
> sscanf(s, "%lld", &l) will not set l to valid value if l was previously
> not zero.
Well, not exactly non-zero. The problem occurs when l is initialized with a value
greater than 0xffffffff:
lagoon:venglin:~> cat test.c
#include <stdio.h>
int main(void) {
    //long long value = 0x100000000L;
    long long value = 0xffffffff;   /* fits in the low 32 bits */
    char *s = "10";
    fprintf(stderr, "%lld %s\n", value, s);
    sscanf(s, "%lld", &value);      /* expected to store 10 */
    fprintf(stderr, "%lld %s\n", value, s);
    return 0;
}
lagoon:venglin:~> cc -o test test.c
lagoon:venglin:~> ./test
4294967295 10
10 10
lagoon:venglin:~> cat test.c
#include <stdio.h>
int main(void) {
    long long value = 0x100000000L; /* bit 32 set: high word non-zero */
    //long long value = 0xffffffff;
    char *s = "10";
    fprintf(stderr, "%lld %s\n", value, s);
    sscanf(s, "%lld", &value);      /* expected to store 10 */
    fprintf(stderr, "%lld %s\n", value, s);
    return 0;
}
lagoon:venglin:~> cc -o test test.c
lagoon:venglin:~> ./test
4294967296 10
4294967306 10
It looks like a classical unsigned integer overflow, which could have some yet
unknown security implications.
--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NICHDL: PMF9-RIPE *
* JID: venglin at jabber.atman.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV *
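The symptom above (sscanf with %lld leaving the high 32 bits of a pre-initialised long long untouched) can be probed at runtime and sidestepped by parsing with strtoll instead. The following is an added example, not code from the PR or from FreeBSD; the function names sscanf_lld_is_sane, parse_lld and parse_lld_or are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns 1 if sscanf("%lld") stores the whole 64-bit value, 0 if the
 * upper half of a pre-initialised long long survives, which is exactly
 * the PR's second test case (0x100000000 + 10 instead of 10). */
int sscanf_lld_is_sane(void)
{
    long long value = 0x100000000LL;    /* bit 32 set, as in the PR */
    if (sscanf("10", "%lld", &value) != 1)
        return 0;
    return value == 10LL;
}

/* strtoll-based replacement for sscanf("%lld"): requires the whole string
 * to be a number, rejects trailing junk and out-of-range input, and never
 * depends on what *out held before. Returns 0 on success, -1 on error. */
int parse_lld(const char *s, long long *out)
{
    char *end;
    long long v;

    errno = 0;
    v = strtoll(s, &end, 10);
    if (end == s || *end != '\0')       /* no digits, or trailing garbage */
        return -1;
    if (errno == ERANGE)                /* value outside the long long range */
        return -1;
    *out = v;
    return 0;
}

/* Convenience wrapper: parsed value on success, sentinel on any error. */
long long parse_lld_or(const char *s, long long sentinel)
{
    long long v = 0x100000000LL;        /* deliberately "dirty" initial value */
    return parse_lld(s, &v) == 0 ? v : sentinel;
}

int main(void)
{
    printf("sscanf %%lld sane: %s\n", sscanf_lld_is_sane() ? "yes" : "no");
    printf("parse_lld_or(\"10\") -> %lld\n", parse_lld_or("10", -1));
    printf("parse_lld_or(\"10x\") -> %lld\n", parse_lld_or("10x", -1));
    return 0;
}
```

On a libc where the PR's bug is present the first line prints "no", while parse_lld_or still yields 10 because strtoll writes the full value itself.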