[PATCH] fix two bugs in lib/vsprintf.c

[PATCH] fix two bugs in lib/vsprintf.c

[Roland Dreier]

The below patch fixes two bugs in lib/vsprintf.c's implementation of
vsscanf().  First, the man page for vsscanf() says about the 'i'
conversion:

       i      Matches an  optionally  signed  integer;  the  next
              pointer  must  be a pointer to int.  The integer is
              read in base 16 if it begins with `0x' or `0X',  in
              base  8  if  it  begins  with  `0',  and in base 10
              otherwise.  Only characters that correspond to  the
              base are used.

To me this means that vsscanf() should pass base 0 to simple_strtol;
however the Linux implementation defaults to base 10.  The first part
of the patch corrects this.

Second, vsscanf() checks the first character of the number it's about
to read using isdigit(); this is incorrect for hex or octal
conversions.  The second part of this patch corrects vsscanf() to use
the correct check depending on the value of base.

lib/vsprintf.c has not changed in quite a while, so this patch should
apply cleanly to 2.4.17, 2.4.18pre3 and 2.5.2.

Thanks,
  Roland

diff -Naur linux-2.4.17.orig/lib/vsprintf.c linux-2.4.17/lib/vsprintf.c
--- linux-2.4.17.orig/lib/vsprintf.c	Thu Oct 11 11:17:22 2001
+++ linux-2.4.17/lib/vsprintf.c	Tue Jan 15 01:06:29 2002
@@ -616,8 +616,9 @@
 		case 'X':
 			base = 16;
 			break;
-		case 'd':
 		case 'i':
+                        base = 0;
+		case 'd':
 			is_sign = 1;
 		case 'u':
 			break;
@@ -637,7 +638,11 @@
 		while (isspace(*str))
 			str++;
 
-		if (!*str || !isdigit(*str))
+		if (!*str
+                    || (base == 16 && !isxdigit(*str))
+                    || (base == 10 && !isdigit(*str))
+                    || (base == 8 && (!isdigit(*str) || *str > '7'))
+                    || (base == 0 && !isdigit(*str)))
 			break;
 
 		switch(qualifier) {

-- 
Roland Dreier                                <roland@digitalvampire.org>
GPG Key fingerprint = A89F B5E9 C185 F34D BD50  4009 37E2 25CC E0EE FAC0

Re: [PATCH] fix two bugs in lib/vsprintf.c

[Michal Jaegermann]

On Tue, Jan 15, 2002 at 01:25:38AM -0800, Roland Dreier wrote:
> The below patch fixes two bugs in lib/vsprintf.c's implementation of
> vsscanf().

If we are looking at these things I have some gnawing suspicions
that a constant 0xFFFFFFFFUL at line 489 of lib/vsprintf.c
in this function:

    int vsprintf(char *buf, const char *fmt, va_list args)
    {
            return vsnprintf(buf, 0xFFFFFFFFUL, fmt, args);
    }

was really meant to be (size_t)(-1).  It is not the same if a platform
is not 32 bits.  Roland, what do you think?

  Michal

Re: [PATCH] fix two bugs in lib/vsprintf.c

[Roland Dreier]

>>>>> "Michal" == Michal Jaegermann <michal@harddata.com> writes:

    Michal> On Tue, Jan 15, 2002 at 01:25:38AM -0800, Roland Dreier wrote:
    Roland> The below patch fixes two bugs in lib/vsprintf.c's
    Roland> implementation of vsscanf().

    Michal> If we are looking at these things I have some gnawing
    Michal> suspicions that a constant 0xFFFFFFFFUL at line 489 of
    Michal> lib/vsprintf.c in this function:

    int vsprintf(char *buf, const char *fmt, va_list args)
    {
            return vsnprintf(buf, 0xFFFFFFFFUL, fmt, args);
    }

    Michal> was really meant to be (size_t)(-1).  It is not the same
    Michal> if a platform is not 32 bits.  Roland, what do you think?

You are probably right, although I can't see it making much practical
difference (unlike the bugs I fixed, which actually bit me :)  Still,
it wouldn't hurt to fix it.

R.
-- 
Roland Dreier                                <roland@digitalvampire.org>
GPG Key fingerprint = A89F B5E9 C185 F34D BD50  4009 37E2 25CC E0EE FAC0