flat assembler
Message board for the users of flat assembler.

glibc bug?

vid
Verbosity in development
Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
Hi, I found a maybe-bug in glibc, but I have no idea where to report it. The author of the code is "drepper", and I heard that is not the way.

The problem is with scanf()-like functions reading numbers. They don't check for overflow. For example, if you type "4294967297" to "scanf(%d)", it is just as if you had typed "1".

The routine they use to convert the number ("__strtol_internal" in "dlfcn/eval.c") returns overflow as an error, but they don't check it:

An example can be seen in "stdio-common/vfscanf.c":
Code:
          /* Convert the number.  */
          ADDW (L_('\0'));
          if (need_longlong && (flags & LONGDBL))
            {
              if (number_signed)
                num.q = __strtoll_internal (wp, &tw, base, flags & GROUP);
              else
                num.uq = __strtoull_internal (wp, &tw, base, flags & GROUP);
            }
          else
            {
              if (number_signed)
                num.l = __strtol_internal (wp, &tw, base, flags & GROUP);
              else
                num.ul = __strtoul_internal (wp, &tw, base, flags & GROUP);
            }
          if (__builtin_expect (wp == tw, 0))
            conv_error ();

They only check wp == tw, i.e. whether no character was converted, i.e. whether there is no valid number at all.

The overflow error is returned in "errno" as "ERANGE".



Now, is someone here able to report this to someone who will fix it?


Last edited by vid on 15 Dec 2006, 22:59; edited 1 time in total
Post 14 Dec 2006, 21:22
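The behaviour described in the post above, as an added example that is not part of the original thread and is not glibc's code: the unchecked path is plain sscanf("%d"), which returns a conversion count of 1 for "4294967297" even though the digits cannot fit an int; beside it is a strtol() wrapper that does the ERANGE check vfscanf omits, plus an explicit INT_MIN/INT_MAX check because on LP64 targets long is wider than int and "4294967297" sets no ERANGE at all. The function names, the parse_status enum and the input strings are this example's own constructions.

```c
/* Added example (not glibc's or vid's code): scanf("%d") versus a strtol()
 * wrapper that actually inspects ERANGE and the target type's range.
 * Function and enum names below are this example's own choices. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

enum parse_status {
    PARSE_OK = 0,
    PARSE_NO_DIGITS,  /* nothing converted: the only case scanf reports */
    PARSE_OVERFLOW,   /* ERANGE from strtol, or value does not fit an int */
    PARSE_TRAILING    /* digits followed by junk, e.g. "12abc" */
};

/* The unchecked path: how the scanf family treats the input.
 * Returns the sscanf() conversion count; 1 means "a number was read",
 * even when the digits did not fit in an int. */
int read_int_unchecked(const char *input, int *out)
{
    return sscanf(input, "%d", out);
}

/* The checked path: strtol() with the ERANGE check that vfscanf omits,
 * plus an explicit int-range check because long may be wider than int
 * (on LP64 targets "4294967297" fits in a long and sets no ERANGE). */
enum parse_status read_int_checked(const char *input, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(input, &end, 10);
    if (end == input)
        return PARSE_NO_DIGITS;          /* same as vfscanf's wp == tw test */
    if (errno == ERANGE)
        return PARSE_OVERFLOW;           /* saturated at LONG_MIN/LONG_MAX */
    if (v < INT_MIN || v > INT_MAX)
        return PARSE_OVERFLOW;           /* fits a long, not an int */
    while (*end == ' ' || *end == '\n' || *end == '\t')
        end++;                           /* tolerate trailing whitespace only */
    if (*end != '\0')
        return PARSE_TRAILING;
    *out = (int)v;
    return PARSE_OK;
}

static const char *status_name(enum parse_status s)
{
    switch (s) {
    case PARSE_OK:        return "ok";
    case PARSE_NO_DIGITS: return "no digits";
    case PARSE_OVERFLOW:  return "overflow";
    case PARSE_TRAILING:  return "trailing junk";
    }
    return "?";
}

int main(void)
{
    /* Constructed inputs, including the post's "4294967297" (2^32 + 1). */
    static const char *const inputs[] = {
        "1", "4294967297", "2147483648", "-2147483648",
        "99999999999999999999", "12abc", "abc"
    };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int unchecked = 0, checked = 0;
        int n = read_int_unchecked(inputs[i], &unchecked);
        enum parse_status st = read_int_checked(inputs[i], &checked);

        printf("%-22s sscanf: count=%d value=%d | strtol: %s",
               inputs[i], n, unchecked, status_name(st));
        if (st == PARSE_OK)
            printf(" value=%d", checked);
        putchar('\n');
    }
    return 0;
}
```

Running it shows the asymmetry the post complains about: sscanf reports every numeric input as one successful conversion and hands back whatever value survives the store into an int, while the checked parser rejects "4294967297", "2147483648" and the 20-digit string as overflow and accepts INT_MIN and INT_MAX exactly. The C standard leaves the overflowing %d case undefined, so the only portable remedy in an application is to read the token as text and convert it with strtol()/strtoll() under your own checks, as the wrapper does.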
Octavio
Joined: 21 Jun 2003
Posts: 366
Location: Spain
I'm not sure this is a bug, perhaps it is the standard. I remember when I was programming in 'MS QuickC' that 'scanf' crashed my program because this function is not designed to handle incorrect inputs, which makes it useless. I also think that many 'C' functions are now obsolete.
Post 15 Dec 2006, 16:23
vid
I tried to find anything about it in the SUSv3 standard, but I didn't. If the standard says nothing, then they should implement it in the best way possible.
Post 15 Dec 2006, 16:27
rugxulo
Joined: 09 Aug 2005
Posts: 2341
Location: Usono (aka, USA)
vid, you could try posting in Google Groups (under comp.lang.c or comp.os.msdos.djgpp or whatever) and see what they say.
Post 15 Dec 2006, 18:52
vid
Posted in comp.lang.c.
Post 15 Dec 2006, 19:34
Copyright © 1999-2020, Tomasz Grysztar.