List: kde-bugs-dist
Subject: [Bug 243234] ptrcheck doesn't handle sscanf properly
From: Julian Seward <jseward () acm ! org>
Date: 2010-06-30 10:16:30
Message-ID: 20100630101630.1A65C47BA2 () immanuel ! kde ! org
https://bugs.kde.org/show_bug.cgi?id=243234
--- Comment #3 from Julian Seward <jseward acm org> 2010-06-30 12:16:27 ---
Tom's analysis is right. To make it a bit more concrete though:
You are doing

    char buf0[..];
    char buf1[..];
    fscanf("%s %s", buf0, buf1);

Ptrcheck assumes that any insn that reads or writes a stack or
global array once will continue to read or write in that same
array, until the stack frame of the function exits. So what you
have here is a call to _IO_vfscanf, and somewhere in that fn is a loop
that copies data to destination arrays in response to %s in the
format string. Since you have two %s here, first it copies data
to buf0 (so Ptrcheck assumes that is the intended destination).
Then, it switches to writing buf1, and so it complains.
Of course when _IO_vfscanf exits, then Ptrcheck "forgets" everything
it knows about the instructions in _IO_vfscanf. It has to do that so
that later calls to _IO_vfscanf are not checked against the buffers
that earlier calls wrote to.
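The pattern the comment describes, as an added reproducer (example code, not code from the bug report or from Valgrind). Two stack arrays are filled by one scanf-family call with two %s conversions; inside glibc one copy loop stores first into buf0 and then into buf1, which is what trips Ptrcheck's "same instruction keeps writing the same array" heuristic. The function names, the BUF_LEN constant and the sample input lines are assumptions for this example. The second function, copy_words, is a hand-written stand-in for the libc loop so the shape that matters (a single store instruction writing two different stack arrays within one call) is visible in user code; it is not glibc's implementation. Unlike the sketch above, the conversions here carry a width (%15s) so the copy cannot overrun either array, which is a real overflow risk independent of the Ptrcheck false positive.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for this example. */
enum { BUF_LEN = 16 };

/* Fills out0 and out1 from one sscanf call with two %s conversions.
 * Returns the number of fields sscanf converted (2 on success).
 * Run under "valgrind --tool=exp-ptrcheck" this is the shape that
 * produces the spurious report discussed above: the store loop inside
 * _IO_vfscanf writes buf0 first, then buf1, within a single call. */
int split_two_words(const char *line, char out0[BUF_LEN], char out1[BUF_LEN])
{
    char buf0[BUF_LEN];
    char buf1[BUF_LEN];
    /* Widths are capped at BUF_LEN - 1 so neither array can overflow. */
    int n = sscanf(line, "%15s %15s", buf0, buf1);
    if (n != 2)
        return n;
    memcpy(out0, buf0, strlen(buf0) + 1);
    memcpy(out1, buf1, strlen(buf1) + 1);
    return n;
}

/* Stand-in for the libc copy loop (constructed for this example, not
 * glibc's code): one store instruction writes into dst[0], then dst[1].
 * Destinations with no word left get an empty string; a word longer
 * than cap - 1 is split across destinations rather than overflowing. */
void copy_words(const char *line, char *dst[], size_t ndst, size_t cap)
{
    size_t d = 0;
    size_t i = 0;
    while (d < ndst) {
        size_t o = 0;
        while (line[i] == ' ')
            i++;
        while (line[i] != '\0' && line[i] != ' ' && o + 1 < cap)
            dst[d][o++] = line[i++];   /* the shared store instruction */
        dst[d][o] = '\0';
        d++;
        if (line[i] == '\0') {
            for (; d < ndst; d++)
                dst[d][0] = '\0';
        }
    }
}

int main(void)
{
    char a[BUF_LEN], b[BUF_LEN];
    int n = split_two_words("hello world", a, b);   /* constructed input */
    printf("sscanf converted %d fields: \"%s\" \"%s\"\n", n, a, b);

    char *dst[2] = { a, b };
    copy_words("foo bar", dst, 2, BUF_LEN);         /* constructed input */
    printf("copy_words: \"%s\" \"%s\"\n", a, b);
    return 0;
}
```

Ptrcheck forgets what it learned about the instructions in _IO_vfscanf when that frame exits, so a second split_two_words call is checked afresh; the report only appears within one call, when the same store switches from buf0 to buf1.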