Bug 3037 - scanf handles %p as an integer, truncated value on 64bits platforms
Summary: scanf handles %p as an integer, truncated value on 64bits platforms
Status: RESOLVED FIXED
Alias: None
Product: uClibc
Classification: Unclassified
Component: stdio (show other bugs)
Version: 0.9.32
Hardware: PC Linux
: P5 normal
Target Milestone: 0.9.32
Assignee: unassigned
URL:
Keywords:
: 3031 (view as bug list)
Depends on:
Blocks:
 
Reported: 2010-12-31 10:38 UTC by Eric Hassold
Modified: 2011-01-11 18:50 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:

Attachments
patch for scanf to handle %p as long on 64bits platforms (602 bytes, text/plain)
2010-12-31 10:38 UTC, Eric Hassold 		Details
Enforce datatype (int, long) for %p specifier in scanf (516 bytes, patch)
2011-01-02 00:00 UTC, Eric Hassold 		Details
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Eric Hassold 2010-12-31 10:38:45 UTC 
Created attachment 2827 [details]
patch for scanf to handle %p as long on 64bits platforms

When scanning %p conversion, sscanf stores value as an unsigned integer. On 64bits platforms (e.g. x86_64), this causes returned pointers to be invalid since high-word is lost. Test to reproduce:

     #include <stdio.h>
     #define PREFIX "ZZZZZ"
     
     int main (int qrgc, char **argv) {
       void *p = (void*) 0x1122334455667788;
       char *s = PREFIX "0xABCD00004321";
       sscanf(s,PREFIX"%p",&p);
       printf("scanned '%s', got %p\n",s,p);
       return 0;
     }

This was observed with latest snapshot from master branch, but since code in _sscanf.c hasn't been modified since 2009, bug should exist in several prior releases (while affecting only 64bits platforms).

To work around this, I modified QUAL_CHARS so %p conversion uses PDS value (like %t modifier) when calling store_inttype(). Patch attached.
Comment 1 Eric Hassold 2010-12-31 10:42:12 UTC 
*** Bug 3031 has been marked as a duplicate of this bug. ***
Comment 2 Eric Hassold 2011-01-02 00:00:45 UTC 
Created attachment 2833 [details]
Enforce datatype (int, long) for %p specifier in scanf
Comment 3 Bernhard Reutner-Fischer 2011-01-11 18:50:20 UTC 
Fixed to the same effect as e0d2b8e59beba49d6c2bdcf24257cc1834ce2b26
Many thanks for tracking this down!