The below patch fixes two bugs in lib/vsprintf.c's implementation of
vsscanf(). First, the man page for vsscanf() says about the 'i'
conversion:
i Matches an optionally signed integer; the next
pointer must be a pointer to int. The integer is
read in base 16 if it begins with `0x' or `0X', in
base 8 if it begins with `0', and in base 10
otherwise. Only characters that correspond to the
base are used.
To me this means that vsscanf() should pass base 0 to simple_strtol;
however the Linux implementation defaults to base 10. The first part
of the patch corrects this.
Second, vsscanf() checks the first character of the number it's about
to read using isdigit(); this is incorrect for hex or octal
conversions. The second part of this patch corrects vsscanf() to use
the correct check depending on the value of base.
lib/vsprintf.c has not changed in quite a while, so this patch should
apply cleanly to 2.4.17, 2.4.18pre3 and 2.5.2.
Thanks,
Roland
diff -Naur linux-2.4.17.orig/lib/vsprintf.c linux-2.4.17/lib/vsprintf.c
--- linux-2.4.17.orig/lib/vsprintf.c Thu Oct 11 11:17:22 2001
+++ linux-2.4.17/lib/vsprintf.c Tue Jan 15 01:06:29 2002
@@ -616,8 +616,9 @@
case 'X':
base = 16;
break;
- case 'd':
case 'i':
+ base = 0;
+ case 'd':
is_sign = 1;
case 'u':
break;
@@ -637,7 +638,11 @@
while (isspace(*str))
str++;
- if (!*str || !isdigit(*str))
+ if (!*str
+ || (base == 16 && !isxdigit(*str))
+ || (base == 10 && !isdigit(*str))
+ || (base == 8 && (!isdigit(*str) || *str > '7'))
+ || (base == 0 && !isdigit(*str)))
break;
switch(qualifier) {
--
Roland Dreier <[email protected]>
GPG Key fingerprint = A89F B5E9 C185 F34D BD50 4009 37E2 25CC E0EE FAC0
On Tue, Jan 15, 2002 at 01:25:38AM -0800, Roland Dreier wrote:
> The below patch fixes two bugs in lib/vsprintf.c's implementation of
> vsscanf().
If we are looking at these things I have some gnawing suspicions
that a constant 0xFFFFFFFFUL at line 489 of lib/vsprintf.c
in this function:
int vsprintf(char *buf, const char *fmt, va_list args)
{
return vsnprintf(buf, 0xFFFFFFFFUL, fmt, args);
}
was really meant to be (size_t)(-1). It is not the same if a platform
is not 32 bits. Roland, what do you think?
Michal
>>>>> "Michal" == Michal Jaegermann <[email protected]> writes:
Michal> On Tue, Jan 15, 2002 at 01:25:38AM -0800, Roland Dreier wrote:
Roland> The below patch fixes two bugs in lib/vsprintf.c's
Roland> implementation of vsscanf().
Michal> If we are looking at these things I have some gnawing
Michal> suspicions that a constant 0xFFFFFFFFUL at line 489 of
Michal> lib/vsprintf.c in this function:
int vsprintf(char *buf, const char *fmt, va_list args)
{
return vsnprintf(buf, 0xFFFFFFFFUL, fmt, args);
}
Michal> was really meant to be (size_t)(-1). It is not the same
Michal> if a platform is not 32 bits. Roland, what do you think?
You are probably right, although I can't see it making much practical
difference (unlike the bugs I fixed, which actually bit me :) Still,
it wouldn't hurt to fix it.
R.
--
Roland Dreier <[email protected]>
GPG Key fingerprint = A89F B5E9 C185 F34D BD50 4009 37E2 25CC E0EE FAC0