
List:       kde-bugs-dist
Subject:    [Bug 243234] ptrcheck doesn't handle sscanf properly
From:       Julian Seward <jseward () acm ! org>
Date:       2010-06-30 10:16:30
Message-ID: 20100630101630.1A65C47BA2 () immanuel ! kde ! org

https://bugs.kde.org/show_bug.cgi?id=243234
--- Comment #3 from Julian Seward <jseward acm org>  2010-06-30 12:16:27 ---
Tom's analysis is right.  To make it a bit more concrete though:

You are doing 

  char buf0[..];
  char buf1[..];
  fscanf("%s %s", buf0, buf1);

Ptrcheck assumes that any insn that reads or writes a stack or
global array once will continue to read or write in that same
array, until the stack frame of the function exits.  So what you
have here is a call to _IO_vfscanf, and somewhere in that fn is a loop
that copies data to destination arrays in response to %s in the
format string.  Since you have two %s here, first it copies data
to buf0 (so Ptrcheck assumes that is the intended destination).
Then, it switches to writing buf1, and so it complains.

Of course when _IO_vfscanf exits, then Ptrcheck "forgets" everything
it knows about the instructions in _IO_vfscanf.  It has to do that so
that later calls to _IO_vfscanf are not checked against the buffers
that earlier calls wrote to.

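The pattern the comment describes, as an added example that is not part of the bug report: parse_pair_single fills two arrays from one scanf call (the shape that trips the per-instruction, per-frame heuristic described above), while parse_pair_split does each %s conversion in its own call so that _IO_vfscanf returns between them. That the split form avoids the report under the heuristic as described is an inference from the comment, not something verified on this page; field widths, function names and the sample input are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 16

/* Pattern from the bug report: one call fills two distinct arrays.  Inside
 * _IO_vfscanf the same copy loop writes buf0 and then buf1, which is what the
 * comment says Ptrcheck's "one array per instruction per frame" rule flags.
 * Width limits (%15s) are added here so the parse cannot overflow either array. */
int parse_pair_single(const char *line, char *buf0, char *buf1)
{
    return sscanf(line, "%15s %15s", buf0, buf1) == 2;
}

/* Same parse split into two calls.  _IO_vfscanf exits between the two %s
 * conversions, so by the comment's description Ptrcheck discards what it
 * learned about the copy loop before the second call writes buf1.  %n records
 * how many characters the first call consumed so the second resumes there. */
int parse_pair_split(const char *line, char *buf0, char *buf1)
{
    int used = 0;
    if (sscanf(line, "%15s%n", buf0, &used) != 1)
        return 0;
    return sscanf(line + used, "%15s", buf1) == 1;
}

/* Returns 1 when both parsers give the same verdict and, on success, the same fields. */
int parsers_agree(const char *line)
{
    char a0[FIELD_LEN], a1[FIELD_LEN], b0[FIELD_LEN], b1[FIELD_LEN];
    int r1 = parse_pair_single(line, a0, a1);
    int r2 = parse_pair_split(line, b0, b1);
    if (r1 != r2)
        return 0;
    if (!r1)
        return 1;
    return strcmp(a0, b0) == 0 && strcmp(a1, b1) == 0;
}

int main(void)
{
    const char *line = "alpha beta";   /* constructed sample input */
    char a0[FIELD_LEN], a1[FIELD_LEN];
    if (parse_pair_split(line, a0, a1))
        printf("split parse: \"%s\" \"%s\"\n", a0, a1);
    printf("parsers agree: %d\n", parsers_agree(line));
    return 0;
}
```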