public inbox for gcc-bugs@sourceware.org
* [Bug c/67729] New: scanf is missing buffer length sanity check ?
From: dcb314 at hotmail dot com @ 2015-09-27 9:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67729
Bug ID: 67729
Summary: scanf is missing buffer length sanity check ?
Product: gcc
Version: 6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: dcb314 at hotmail dot com
Target Milestone: ---
gcc doesn't seem to sanity check the buffer length
mentioned in a call to scanf with %s
# include <stdio.h>
extern void g( FILE * fp);
void f( FILE * fp)
{
    char buf[ 10];
    /* %10s stores up to 10 characters plus the terminating NUL: 11 bytes into buf[10] */
    while (fscanf( fp, "%10s", buf))
        ;
    /* %5s stores at most 6 bytes, so this one fits */
    while (fscanf( fp, "%5s", buf))
        ;
    /* %20s stores up to 21 bytes into buf[10] */
    while (fscanf( fp, "%20s", buf))
        ;
    g( fp);
}
$ ~/gcc/results/bin/g++ -c -g -O2 -Wall -Wextra -pedantic sep9a.cc
$ ~/gcc/results/bin/g++ -v
gcc version 6.0.0 20150926 (experimental) (GCC)
Here is cppcheck detecting the problem and suggesting a fix.
$ ~/cppcheck/trunk/cppcheck sep9a.cc
Checking sep9a.cc...
[sep9a.cc:12]: (error) Width 10 given in format string (no. 1) is larger than destination buffer 'buf[10]', use %9s to prevent overflowing it.
[sep9a.cc:16]: (error) Width 20 given in format string (no. 1) is larger than destination buffer 'buf[10]', use %9s to prevent overflowing it.
$
* [Bug c/67729] -Wformat should warn for %Ns where the buffer size is known to be less than N in size
From: dcb314 at hotmail dot com @ 2023-08-31 12:08 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67729
--- Comment #5 from David Binderman <dcb314 at hotmail dot com> ---
I just noticed that clang-16.0.6 now implements this check:
$ clang++ -c -g -O2 -Wall -Wextra -Wformat=2 -D_FORTIFY_SOURCE=2 sep9a.cc
sep9a.cc:13:29: warning: 'fscanf' may overflow; destination buffer in argument 3 has size 10, but the corresponding specifier may require size 11 [-Wfortify-source]
while (fscanf( fp, "%10s", buf))
                           ^
sep9a.cc:17:29: warning: 'fscanf' may overflow; destination buffer in argument 3 has size 10, but the corresponding specifier may require size 21 [-Wfortify-source]
while (fscanf( fp, "%20s", buf))
                           ^
2 warnings generated.
$
Still nothing from gcc:
$ ~/gcc/results/bin/g++ -c -g -O2 -Wall -Wextra -Wformat=2 -D_FORTIFY_SOURCE=2 sep9a.cc
$
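The arithmetic both cppcheck (in the original report) and clang's -Wfortify-source (in comment #5) apply is the same: a "%Ns" or "%N[" conversion stores up to N characters plus a terminating NUL, so the destination must hold N+1 bytes, while "%Nc" stores exactly N bytes and no NUL. The following is an added example, not code from the bug report, from GCC, cppcheck or clang: a small format-string scanner that reproduces that computation for the three formats in sep9a.cc, and two ways of writing the reading loop so the width can never exceed the buffer (a width derived from sizeof at run time, and a width spelled as a literal via macro stringification so -Wformat still sees a literal format). Function and macro names (scanf_dest_bytes_needed, scanf_width_fits, read_token, read_word_literal, WORD_MAX) are my own. The reading helpers also compare the return value against the expected conversion count rather than using it directly as a loop condition, because fscanf returns EOF (-1), which is nonzero, at end of input.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes the first assigned %s, %[ or %c conversion in fmt can write into its
 * destination: width + 1 for %s and %[ (the NUL is not counted in the width),
 * width for %c (no NUL, default width 1). Returns SIZE_MAX for an unbounded
 * %s or %[, and 0 when fmt assigns no character-array conversion at all.
 * Suppressed conversions ("%*s") assign nothing and are skipped. This is the
 * same arithmetic behind the diagnostics quoted in the thread ("%10s" needs 11).
 * Only the first matching conversion is examined (illustrative helper). */
size_t scanf_dest_bytes_needed(const char *fmt)
{
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        int suppressed = 0, has_width = 0;
        size_t width = 0;
        p++;
        if (*p == '%') { p++; continue; }          /* "%%" matches a literal percent sign */
        if (*p == '*') { suppressed = 1; p++; }    /* consumes input, assigns nothing */
        while (isdigit((unsigned char)*p)) {
            has_width = 1;
            width = width * 10 + (size_t)(*p - '0');
            p++;
        }
        while (*p && strchr("hlLjzt", *p)) p++;    /* length modifiers do not change the width */
        switch (*p) {
        case 's':
        case '[':
            if (!suppressed) return has_width ? width + 1 : SIZE_MAX;
            if (*p == '[') {                        /* skip the scanset so a '%' inside it is not re-parsed */
                p++;
                if (*p == '^') p++;
                if (*p == ']') p++;
                while (*p && *p != ']') p++;
            }
            break;
        case 'c':
            if (!suppressed) return has_width ? width : 1;
            break;
        default:
            break;
        }
    }
    return 0;
}

/* 1 if a destination of bufsize bytes can receive the first character-array
 * conversion in fmt without overflow, 0 if it can be overrun. */
int scanf_width_fits(const char *fmt, size_t bufsize)
{
    return scanf_dest_bytes_needed(fmt) <= bufsize;
}

/* Read one whitespace-delimited token into dst, deriving the width from the
 * destination size at run time ("%9s" for a 10-byte buffer) instead of
 * hard-coding it. Returns 1 on a successful conversion, 0 otherwise. */
int read_token(const char *input, char *dst, size_t dstsize)
{
    char fmt[32];
    if (dstsize < 2) return 0;                         /* need room for one char plus NUL */
    snprintf(fmt, sizeof fmt, "%%%zus", dstsize - 1);  /* "%<dstsize-1>s" */
    return sscanf(input, fmt, dst) == 1;
}

/* Same idea with a literal format: the width is stringified from the same
 * constant that sizes the buffer, so the compiler still sees "%9s" and
 * -Wformat can check it, and the two cannot drift apart. */
#define STRINGIFY_(x) #x
#define STRINGIFY(x) STRINGIFY_(x)
#define WORD_MAX 9
int read_word_literal(const char *input, char word[WORD_MAX + 1])
{
    return sscanf(input, "%" STRINGIFY(WORD_MAX) "s", word) == 1;
}

int main(void)
{
    /* The three formats from sep9a.cc checked against the same char buf[10]. */
    const char *formats[] = { "%10s", "%5s", "%20s" };
    char buf[10];
    for (size_t i = 0; i < sizeof formats / sizeof formats[0]; i++)
        printf("%-5s needs %zu bytes; buf[%zu] %s\n", formats[i],
               scanf_dest_bytes_needed(formats[i]), sizeof buf,
               scanf_width_fits(formats[i], sizeof buf) ? "fits" : "OVERFLOWS");

    /* Constructed input: a 26-character word is truncated to 9 chars + NUL. */
    if (read_token("abcdefghijklmnopqrstuvwxyz rest", buf, sizeof buf))
        printf("read_token: \"%s\"\n", buf);
    return 0;
}
```

Running it reports "%10s" and "%20s" as overflowing buf[10] and "%5s" as fitting, the same split cppcheck and clang produce. Note that read_token passes a non-literal format to sscanf, so -Wformat-nonliteral (part of -Wformat=2) will flag that call; the macro form in read_word_literal keeps the format a literal and avoids that trade-off.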