From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id F2BCF385624E; Sat, 23 Apr 2022 09:04:22 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org F2BCF385624E
From: "vwebber at msn dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/105357] dereferenced ptr on param stack gets over written
Date: Sat, 23 Apr 2022 09:04:22 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: c
X-Bugzilla-Version: 9.4.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: vwebber at msn dot com
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: INVALID
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-105357-4-PpvQp7SiAd@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-105357-4@http.gcc.gnu.org/bugzilla/>
References: <bug-105357-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Apr 2022 09:04:23 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D105357

--- Comment #3 from vwebber <vwebber at msn dot com> ---
Thank you for the comments.=20

However, the data being overwritten is on the stack in a function which is
called after the problematic scanf() etc are are run.

I would suggest running up GDB and do a break on access of the overwritten
lvalue.=20=20

Regards,=20

Victor Webber
V&T: 408-221-8467=20
V:      805-924-1953
vwebber@msn.com


-----Original Message-----
From: pinskia at gcc dot gnu.org <gcc-bugzilla@gcc.gnu.org>=20
Sent: Saturday, April 23, 2022 1:07 AM
To: vwebber@msn.com
Subject: [Bug c/105357] dereferenced ptr on param stack gets over written

https://nam12.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgcc.gnu=
.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D105357&amp;data=3D05%7C01%7C%7Cccc94c=
12b24440504a1d08da25003521%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637=
862980067506332%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzI=
iLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=3DXv3EJ%2FCciXIGx=
8Y9sxvqo1rw9mcvMISwNFnGD5Dbowk%3D&amp;reserved=3D0

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> --- You need
better error checking in your code.
scanf can fail and scanf with %s without a size can definitely have a buffer
overflow.

You might be able to detect some of this with -fsanitize=3Daddress or by us=
ing
valgrind.

This is almost definitely not a bug in GCC.

--
You are receiving this mail because:
You reported the bug.=