| Summary: | scanf handles %p as an integer, truncated value on 64bits platforms | ||
|---|---|---|---|
| Product: | uClibc | Reporter: | Eric Hassold <eric.hassold> |
| Component: | stdio | Assignee: | unassigned |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | eric.hassold, uclibc-cvs |
| Priority: | P5 | ||
| Version: | 0.9.32 | ||
| Target Milestone: | 0.9.32 | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Host: | | Target: | |
| Build: | | | |
| Attachments: | patch for scanf to handle %p as long on 64bits platforms; Enforce datatype (int, long) for %p specifier in scanf | | |

*** Bug 3031 has been marked as a duplicate of this bug. ***

Created attachment 2833
Enforce datatype (int, long) for %p specifier in scanf

Fixed to the same effect as e0d2b8e59beba49d6c2bdcf24257cc1834ce2b26

Many thanks for tracking this down!

Created attachment 2827
patch for scanf to handle %p as long on 64bits platforms

When scanning a %p conversion, sscanf stores the value as an unsigned integer. On 64-bit platforms (e.g. x86_64), this causes returned pointers to be invalid since the high word is lost.

Test to reproduce:

```c
#include <stdio.h>

#define PREFIX "ZZZZZ"

int main (int argc, char **argv)
{
    /* Pre-fill p with a recognisable 64-bit pattern so that bytes the
       conversion fails to overwrite remain visible in the output. */
    void *p = (void*) 0x1122334455667788;
    char *s = PREFIX "0xABCD00004321";

    sscanf(s, PREFIX "%p", &p);
    printf("scanned '%s', got %p\n", s, p);
    return 0;
}
```

This was observed with the latest snapshot from the master branch, but since the code in _sscanf.c hasn't been modified since 2009, the bug should exist in several prior releases (while affecting only 64-bit platforms).

To work around this, I modified QUAL_CHARS so that the %p conversion uses the PDS value (like the %t modifier) when calling store_inttype(). Patch attached.
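
Added example, not part of the original report and not uClibc code: a regression check that round-trips a pointer through `%p` in whatever C library is linked, next to a small model of why an int-width store leaves a pointer-sized destination wrong. The helper names (`store_by_width`, `store_width_preserves`, `scanf_p_roundtrips`) are hypothetical; the sample value is the one used in the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a size-dispatched store (not uClibc's code): the
 * parsed value is written through a type chosen by `width`. */
static void store_by_width(void *dest, uintmax_t value, size_t width)
{
    if (width == sizeof(unsigned int)) {
        unsigned int v = (unsigned int)value;   /* upper bits dropped here */
        memcpy(dest, &v, sizeof v);
    } else {
        uintptr_t v = (uintptr_t)value;
        memcpy(dest, &v, sizeof v);
    }
}

/* 1 if a pointer-sized slot pre-filled with a sentinel holds exactly `value`
 * after the store, 0 if stale or truncated bits remain. */
int store_width_preserves(uintptr_t value, size_t width)
{
    uintptr_t slot = UINTPTR_MAX;               /* sentinel: all bits set */
    store_by_width(&slot, value, width);
    return slot == value;
}

/* Round-trip check against the C library actually linked in: format a
 * pointer with %p, scan it back with %p, compare all bits. */
int scanf_p_roundtrips(void *expected)
{
    char buf[64];
    void *got = NULL;
    snprintf(buf, sizeof buf, "%p", expected);
    if (sscanf(buf, "%p", &got) != 1)
        return 0;
    return got == expected;
}

int main(void)
{
    uintptr_t v = (uintptr_t)0xABCD00004321ULL; /* value from the report */
    printf("int-width store preserves value:     %d\n",
           store_width_preserves(v, sizeof(unsigned int)));
    printf("pointer-width store preserves value: %d\n",
           store_width_preserves(v, sizeof(void *)));
    printf("libc %%p round trip ok:               %d\n",
           scanf_p_roundtrips((void *)v));
    return 0;
}
```

A round-trip result of 0 on a 64-bit target means the linked C library does not store `%p` results at full pointer width.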