| Summary: | scanf handles %p as an integer, truncated value on 64bits platforms | ||
|---|---|---|---|
| Product: | uClibc | Reporter: | Eric Hassold <eric.hassold> |
| Component: | stdio | Assignee: | unassigned |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | CC: | uclibc-cvs |
| Priority: | P5 | ||
| Version: | 0.9.32 | ||
| Target Milestone: | --- | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Host: | Target: | ||
| Build: | |||
When scanning %p conversion, sscanf stores value as an unsigned integer. On 64bits platforms (e.g. x86_64), this causes returned pointers to be invalid since high-word is lost. Test to reproduce: #include <stdio.h> #define PREFIX "ZZZZZ" int main (int qrgc, char **argv) { void *p = (void*) 0x1122334455667788; char *s = PREFIX "0xABCD00004321"; sscanf(s,PREFIX"%p",&p); printf("scanned '%s', got %p\n",s,p); return 0; } This was observed with latest snapshot from master branch, but since code in _sscanf.c hasn't been modified since 2009, bug should exist in several prior releases (while affecting only 64bits platforms). To work around this, I modified QUAL_CHARS so %p conversion uses PDS value (like %t modifier) when calling store_inttype(). Patch attached.