Mail Archives: djgpp-workers/2002/12/12/00:58:05.1

Date: Thu, 12 Dec 2002 07:52:37 +0200 (IST)
From: Eli Zaretskii <eliz AT is DOT elta DOT co DOT il>
X-Sender: eliz AT is
To: Richard Dawe <rich AT phekda DOT freeserve DOT co DOT uk>
cc: djgpp-workers AT delorie DOT com
Subject: Re: scanf buffer overflow; support 'hh' conversion specifier [PATCH]
In-Reply-To: <3DF76AAD.DC2F0E0A@phekda.freeserve.co.uk>
Message-ID: <Pine.SUN.3.91.1021212075124.15584C-100000@is>
MIME-Version: 1.0
Reply-To: djgpp-workers AT delorie DOT com
Errors-To: nobody AT delorie DOT com
X-Mailing-List: djgpp-workers AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com

On Wed, 11 Dec 2002, Richard Dawe wrote:

> if (ch == 'd' || ch == 'i' || ch == 'o' || ch == 'u' || ch == 'x')
> {
>   if (size==LONG && ch != 'x') /* ANSI: %lX is long, not long long */
>     size = LONGDOUBLE;
>   else if (size != LONGDOUBLE)
>     size = LONG;
> }
> 
> 2.03 & %hX: size == SHORT => size == LONG after this code -> memory
> corruption.

I didn't follow the code to see why this is happening, but if hX produces 
a bug, can't we fix just that bug?  If we fix it, does it still 
contradict C99?
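
The size adjustment quoted in the message above, wrapped in a small harness; this is an added example, not part of the original message or of DJGPP's source. The function names, the enum values, the width mapping and the narrow fix in `adjust_keep_short` are assumptions made for illustration, as is the premise that the conversion character has already been folded to lower case ('X' arrives as 'x').

```c
#include <stdio.h>
#include <stddef.h>

/* Size classes named in the quoted code; the numeric values are assumed. */
enum { REGULAR, SHORT, LONG, LONGDOUBLE };

/* The adjustment exactly as quoted, wrapped in a function (name assumed). */
static int adjust_quoted(int size, int ch)
{
  if (ch == 'd' || ch == 'i' || ch == 'o' || ch == 'u' || ch == 'x')
  {
    if (size == LONG && ch != 'x') /* ANSI: %lX is long, not long long */
      size = LONGDOUBLE;
    else if (size != LONGDOUBLE)
      size = LONG;
  }
  return size;
}

/* Hypothetical narrow fix: an explicit 'h' is never promoted. */
static int adjust_keep_short(int size, int ch)
{
  return size == SHORT ? SHORT : adjust_quoted(size, ch);
}

/* Bytes an integer conversion stores per size class (assumed mapping). */
static size_t store_width(int size)
{
  switch (size) {
  case SHORT:      return sizeof(short);
  case LONG:       return sizeof(long);
  case LONGDOUBLE: return sizeof(long long);
  default:         return sizeof(int);
  }
}

/* Bytes written past the end of the caller's object; 0 means it fits. */
static size_t overrun(int size, size_t object_bytes)
{
  size_t w = store_width(size);
  return w > object_bytes ? w - object_bytes : 0;
}

int main(void)
{
  printf("quoted: %zu\n", overrun(adjust_quoted(SHORT, 'x'), sizeof(short)));
  printf("narrow: %zu\n", overrun(adjust_keep_short(SHORT, 'x'), sizeof(short)));
  return 0;
}
```

The first line printed is the number of bytes stored beyond a `short` when SHORT is promoted to LONG; the second shows the same call fitting once SHORT is left alone.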

  Copyright © 2019   by DJ Delorie     Updated Jul 2019