From kde-bugs-dist Wed Jun 30 10:16:30 2010
From: Julian Seward
Date: Wed, 30 Jun 2010 10:16:30 +0000
To: kde-bugs-dist
Subject: [Bug 243234] ptrcheck doesnt handle sscanf properly
Message-Id: <20100630101630.1A65C47BA2 () immanuel ! kde ! org>
X-MARC-Message: https://marc.info/?l=kde-bugs-dist&m=127789314229237

https://bugs.kde.org/show_bug.cgi?id=243234

--- Comment #3 from Julian Seward 2010-06-30 12:16:27 ---

Tom's analysis is right. To make it a bit more concrete though:
you are doing

   char buf0[..];
   char buf1[..];
   fscanf("%s %s", buf0, buf1);

Ptrcheck assumes that any insn that reads or writes a stack or global
array once will continue to read or write in that same array, until the
stack frame of the function exits.

So what you have here is a call to _IO_vfscanf, and somewhere in that fn
is a loop that copies data to destination arrays in response to %s in
the format string. Since you have two %s here, first it copies data to
buf0 (so Ptrcheck assumes that is the intended destination). Then, it
switches to writing buf1, and so it complains.

Of course when _IO_vfscanf exits, then Ptrcheck "forgets" everything it
knows about the instructions in _IO_vfscanf. It has to do that so that
later calls to _IO_vfscanf are not checked against the buffers that
earlier calls wrote to.

--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
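The pattern the comment describes, as an added example that is not part of the bug report or of Valgrind's own code. Variant A is the reporter's shape (one sscanf call, two %s conversions, two stack arrays), which is what the per-frame "one instruction, one array" heuristic flags. Variant B splits the work into one conversion per call; the expectation that this avoids the report is inferred from the comment's statement that Ptrcheck forgets what it learned when _IO_vfscanf returns, and is an assumption here, not something verified against the tool's source. The %15s width limits and the sample input are additions of this example; the widths make the real program safe against overlong tokens regardless of what Ptrcheck reports.

```c
#include <stdio.h>
#include <string.h>

#define TOK_MAX 15

/* Two destination arrays, mirroring buf0/buf1 in the report. */
struct two_tokens {
    char first[TOK_MAX + 1];
    char second[TOK_MAX + 1];
};

/* Constructed sample input, as a "%s %s" format would consume it. */
static const char SAMPLE[] = "alpha beta";

/* Variant A: one call, two %s conversions. Inside libc a single
 * _IO_vfscanf invocation runs the same copy loop first into out->first
 * and then into out->second; that switch of destination array within one
 * frame is what Ptrcheck's heuristic treats as an error (a false positive
 * for this program). "%15s" caps each token at TOK_MAX chars plus NUL.
 * Returns the sscanf match count (2 on success, EOF on empty input). */
int scan_two_in_one_call(const char *input, struct two_tokens *out)
{
    memset(out, 0, sizeof *out);
    return sscanf(input, "%15s %15s", out->first, out->second);
}

/* Variant B: one conversion per call. Each _IO_vfscanf invocation writes
 * a single destination array, and the comment says its learned state is
 * discarded on return, so the second call starts fresh (assumption
 * inferred from the comment, not verified against Ptrcheck). "%n" records
 * how many input chars the first conversion consumed so the second call
 * resumes after the first token. Same return convention as variant A. */
int scan_two_in_separate_calls(const char *input, struct two_tokens *out)
{
    int consumed = 0;
    int r;

    memset(out, 0, sizeof *out);
    r = sscanf(input, "%15s%n", out->first, &consumed);
    if (r != 1)
        return r;                      /* EOF or no match: propagate */
    if (sscanf(input + consumed, "%15s", out->second) != 1)
        return 1;                      /* only one token present */
    return 2;
}

/* Match count of variant A alone, for callers that only need the number. */
int tokens_in_one_call(const char *input)
{
    struct two_tokens t;
    return scan_two_in_one_call(input, &t);
}

/* Returns 1 when both variants extract the same tokens and match count
 * from input, i.e. variant B is a behaviour-preserving rewrite. */
int variants_agree(const char *input)
{
    struct two_tokens a, b;
    int na = scan_two_in_one_call(input, &a);
    int nb = scan_two_in_separate_calls(input, &b);
    return na == nb && strcmp(a.first, b.first) == 0
                    && strcmp(a.second, b.second) == 0;
}

int main(void)
{
    struct two_tokens t;
    int n = scan_two_in_one_call(SAMPLE, &t);
    printf("one call: %d tokens: '%s' '%s'\n", n, t.first, t.second);
    n = scan_two_in_separate_calls(SAMPLE, &t);
    printf("separate calls: %d tokens: '%s' '%s'\n", n, t.first, t.second);
    printf("variants agree: %d\n", variants_agree(SAMPLE));
    return 0;
}
```

Running the two variants under Valgrind's Ptrcheck tool is the way to confirm the inference: variant A should reproduce the report's complaint, and variant B should not, while the program's own output is identical in both cases.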