Date: Thu, 12 Dec 2002 07:52:37 +0200 (IST)
From: Eli Zaretskii
To: Richard Dawe
cc: djgpp-workers AT delorie DOT com
Subject: Re: scanf buffer overflow; support 'hh' conversion specifier [PATCH]
In-Reply-To: <3DF76AAD.DC2F0E0A@phekda.freeserve.co.uk>

On Wed, 11 Dec 2002, Richard Dawe wrote:

> if (ch == 'd' || ch == 'i' || ch == 'o' || ch == 'u' || ch == 'x')
> {
>   if (size==LONG && ch != 'x') /* ANSI: %lX is long, not long long */
>     size = LONGDOUBLE;
>   else if (size != LONGDOUBLE)
>     size = LONG;
> }
>
> 2.03 & %hX: size == SHORT => size == LONG after this code -> memory
> corruption.

I didn't follow the code to see why this is happening, but if hX
produces a bug, can't we fix just that bug?  If we fix it, does it still
contradict C99?