Sender:	rich AT phekda DOT freeserve DOT co DOT uk
Message-ID:	<3DF70F40.4FE00660@phekda.freeserve.co.uk>
Date:	Wed, 11 Dec 2002 10:11:12 +0000
From:	Richard Dawe <rich AT phekda DOT freeserve DOT co DOT uk>
X-Mailer:	Mozilla 4.77 [en] (X11; U; Linux 2.2.23 i586)
X-Accept-Language:	de,fr
MIME-Version:	1.0
To:	djgpp-workers AT delorie DOT com
Subject:	Re: scanf buffer overflow; support 'hh' conversion specifier [PATCH]
References:	<E18LkKs-0000qc-00 AT phekda DOT freeserve DOT co DOT uk> <9743-Tue10Dec2002223639+0200-eliz AT is DOT elta DOT co DOT il>
Reply-To:	djgpp-workers AT delorie DOT com

Hello.

Eli Zaretskii wrote:
> 
> > Date: Tue, 10 Dec 2002 13:22:14 +0000
> > From: "Richard Dawe" <rich AT phekda DOT freeserve DOT co DOT uk>
> >
> > The code that causes the buffer overflow is the special handling
> > for capitalised letters (for compatibility with Borland C) - D, I, U
> > and O. For some reason X was included in this too. I think the code
> > mistakenly sets 'size' to LONG for X. I think it should leave it alone
> > and let 'size' be set by the normal mechanisms - 'h', 'l', 'll', etc.
> 
> I recall vaguely that some Borland compatibility is involved here.
> Can someone please check with Borland C and Turbo C?

In section 7.19.6.2, point 14 of the C99 standard (numbered page 286, but
actually page 300 of the PDF):

"The conversion specifiers A, E, F, G, and X are also valid and behave the
same as,
respectively, a, e, f, g, and x."

So we can't treat X as some Borland special-case, if we want to comply with
the C standard.

The Borland-ness of D, I and U should be preserved by the patch I sent. If
not, it's a bug.

Thanks, bye, Rich =]

-- 
Richard Dawe [ http://www.phekda.freeserve.co.uk/richdawe/ ]

- Raw text -