[Bug regex/6722] New: sscanf bug when parsing lines from /proc/net/tcp

[Bug regex/6722] New: sscanf bug when parsing lines from /proc/net/tcp

[lists at roberthogan dot net]

Using:

    len = sscanf(big_str, "%*d: %8x:%4x %8x:%4x"
      " %*2x %*8x:%*8x %*2x:%*8x %*8x %d %*d %u \n", 
      &locaddr, (unsigned int *) &locport, &remaddr, (unsigned int *) &remport, 
&uid, &inode);

on

   8: 00000000:008B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     
0        0 9678 1 ec772480 750 0 0 2 -1

(i.e. a line from /proc/net/tcp)

leaves locport (which should be the contents of 008B) at 0.

To work around this problem I have had to do the following:

    len = sscanf(big_str, "%*d: %*8x:%*4x %*8x:%*4x"
      " %*2x %*8x:%*8x %*2x:%*8x %*8x %d %*d %*u \n", 
      &uid);

    len += sscanf(big_str, "%*d: %*8x:%*4x %8x:%4x"
      " %*2x %*8x:%*8x %*2x:%*8x %*8x %*d %*d %*u \n", 
      &remaddr, (unsigned int *) &remport);

    len += sscanf(big_str, "%*d: %8x:%4x \n",
      &locaddr, &locport);

    len += sscanf(big_str, "%*d: %*8x:%*4x %*8x:%*4x"
      " %*2x %*8x:%*8x %*2x:%*8x %*8x %*d %*d %u \n", 
      &inode);

(The 4 calls are the first series I tried that worked. The first combinations 
of 2 or 3 calls I used resulted in one or other of the variables being 
clobbered to 0.)



Host type: i486-slackware-linux-gnu
System: Linux darkstar 2.6.24.4-smp #1 SMP Wed Apr 9 15:27:38 CDT 2008 i686 
Intel(R) Celeron(R) CPU 2.40GHz GenuineIntel GNU/Linux
Architecture: i686

Addons: linuxthreads
Build CFLAGS: -g -O2 -march=i486 -mcpu=i686
Build CC: i486-slackware-linux-gcc
Compiler version: 3.3.3
Kernel headers: UTS_RELEASE
Symbol versioning: yes
Build static: yes
Build shared: yes
Build pic-default: no
Build profile: yes
Build omitfp: no
Build bounded: no
Build static-nss: no

-- 
           Summary: sscanf bug when parsing lines from /proc/net/tcp
           Product: glibc
           Version: 2.3.2
            Status: NEW
          Severity: normal
          Priority: P2
         Component: regex
        AssignedTo: drepper at redhat dot com
        ReportedBy: lists at roberthogan dot net
                CC: glibc-bugs-regex at sources dot redhat dot com,glibc-
                    bugs at sources dot redhat dot com,lists at roberthogan
                    dot net
 GCC build triplet: i486-slackware-linux-gcc
  GCC host triplet: i486-slackware-linux-gnu


http://sourceware.org/bugzilla/show_bug.cgi?id=6722

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug regex/6722] sscanf bug when parsing lines from /proc/net/tcp

[halesh dot s at gmail dot com]

------- Additional Comments From halesh dot s at gmail dot com  2008-07-07 09:35 -------
Hi Robert,

Please check the below testcase..

$cat test.c
#include <stdio.h>
int main()
{

        FILE *f;
        int locaddr, locport, remaddr, remport, uid, inode;
        char big_str[256];

        f = fopen("/proc/net/tcp", "r");

        fgets(big_str,256,f);
        printf("%s\n", big_str);

        fgets(big_str,256,f);
        printf("%s\n", big_str);
        sscanf(big_str, "%*d: %8x:%4x %8x:%4x %*2x %*8x:%*8x %*2x:%*8x %*8x %d 
%*d %u \n",&locaddr, (unsigned int *) &locport, &remaddr, (unsigned int *) 
&remport,&uid, &inode);

        printf("LocAddr:%d LocPort:%x RemAddr:%x RemPort:%x uid:%d inode:%d
\n",locaddr, locport, remaddr, remport, uid, inode);
}


$ gcc -o test test.c

$ ./test
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   
uid  timeout inode                             

   0: 0100007F:1780 00000000:0000 0A 00000000:00000000 00:00000000 00000000   
504        0 5488802 1 0df2da80 3000 0 0 2 -1  

LocAddr:100007f LocPort:1780 RemAddr:0 RemPort:0 uid:504 inode:5488802

Local port gets stored correctly using sscanf.
I have checked with glibc 2.3 and glibc 2.7. I was not able to reproduce.
I have checkd for all the enties in tcp file in a loop and worked fine.

Please revert back with the problem scenario if my understanding is not correct.

-Thanks,
 Halesh

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=6722

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug regex/6722] sscanf bug when parsing lines from /proc/net/tcp

[lists at roberthogan dot net]

------- Additional Comments From lists at roberthogan dot net  2008-07-07 18:48 -------
Apologies, I should have provided the full test case. This should recreate the 
problem. locaddr and remaddr are 32-bit ints.

#include <stdio.h>
# include <sys/types.h>

int main()

{
  FILE *f;
  u_int32_t locaddr, remaddr, uid, inode = 0;
  u_int16_t locport, remport;

  static char big_str[151];

f = fopen("/proc/net/tcp", "r");

fgets(big_str,151,f);

  while (fgets(big_str, 152, f) != NULL) {
  
  
    sscanf(big_str, "%*d: %8x:%4x %8x:%4x %*2x %*8x:%*8x %*2x:
%*8x%*8x %d %*d %u \n",
                  &locaddr, (unsigned int *) &locport, &remaddr,
                  (unsigned int *) &remport,&uid, &inode);
  
    printf("%s", big_str);
  
    printf("%d %x %x %x %x %x\n",locaddr, locport, remaddr, remport, uid, 
inode);
  }

}

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=6722

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug regex/6722] sscanf bug when parsing lines from /proc/net/tcp

[schwab at suse dot de]

------- Additional Comments From schwab at suse dot de  2008-07-07 19:19 -------
> locaddr and remaddr are 32-bit ints.

No, they are not. You are violation the strict-aliasing rules.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID


http://sourceware.org/bugzilla/show_bug.cgi?id=6722

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug regex/6722] sscanf bug when parsing lines from /proc/net/tcp

[jakub at redhat dot com]

------- Additional Comments From jakub at redhat dot com  2008-07-07 19:42 -------
Well, locaddr and remaddr are 32-bit ints, but locport and remport are not;
the testcase doesn't only violate aliasing rules, but with the 32-bit write
to 16-bit memory locations also clobbers unrelated memory on the stack.
Either use %8x:%4hx and kill the bogus casts, or you need to assign to
int/unsigned int temporaries and copy to the short vars afterwards.


-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=6722

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug regex/6722] sscanf bug when parsing lines from /proc/net/tcp

[halesh dot s at gmail dot com]

------- Additional Comments From halesh dot s at gmail dot com  2008-07-08 04:09 -------
(In reply to comment #4)
> Either use %8x:%4hx and kill the bogus casts, or you need to assign to
> int/unsigned int temporaries and copy to the short vars afterwards.

I have not changed the testcase as u mentioned, instead i exchanged the 
declaration order of ports...Now its working fine..

Please check the testcase

#include <stdio.h>
#include <sys/types.h>

int main()
{
        u_int32_t locaddr, remaddr, uid, inode = 0;

        /* changed the order of declaration in testcase provided by robert*/

        u_int16_t remport, locport;

        FILE *f;
        char big_str[256];

        f = fopen("/proc/net/tcp", "r");

        fgets(big_str,256,f);
        printf("%s\n", big_str);

        while(fgets(big_str,256,f) != NULL) {
                printf("%s\n", big_str);
                sscanf(big_str, "%*d: %8x:%4x %8x:%4x %*2x %*8x:%*8x %*2x:%*8x 
%*8x %d %*d %u \n",&locaddr, (unsigned int *) &locport, &remaddr, (unsigned int 
*) &remport,&uid, &inode);

                printf("LocAddr:%x LocPort:%x RemAddr:%x RemPort:%x uid:%d 
inode:%d\n",locaddr, locport, remaddr, remport, uid, inode);
        }
}

O/P is
........
........
53: C865582B:8116 CD65582B:0016 01 00000000:00000000 02:000082E4 00000000     
0        0 3258616 2 195aca80 202 40 0 2 -1  

LocAddr:c865582b LocPort:8116 RemAddr:cd65582b RemPort:16 uid:0 inode:3258616
........
........

Results are fine now.
It depends upon alignment of 16 bit variables or what???




-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at redhat dot com,
                   |                            |schwab at suse dot de


http://sourceware.org/bugzilla/show_bug.cgi?id=6722

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug regex/6722] sscanf bug when parsing lines from /proc/net/tcp

[halesh dot s at gmail dot com]

------- Additional Comments From halesh dot s at gmail dot com  2008-07-08 07:46 -------
(In reply to comment #4)
> Well, locaddr and remaddr are 32-bit ints, but locport and remport are not;
> the testcase doesn't only violate aliasing rules, but with the 32-bit write
> to 16-bit memory locations also clobbers unrelated memory on the stack.
> Either use %8x:%4hx and kill the bogus casts, or you need to assign to
> int/unsigned int temporaries and copy to the short vars afterwards.
> 


We can avoide cloberring of 16 bit hex vairables by using %hx, How to avoide 
the same when using u_int8_t variables.
We cant use %hx for u_int8_t as its only upto short int - 16 bits.

Please check the below testcase

#include <stdio.h>
#include <sys/types.h>

int main()
{

        int cur = 123;
        u_int8_t var1;
        u_int8_t var2;

        scanf("%x", &var1);
        scanf("%x", &var2);

        printf("var1 = %x\n", var1);
        printf("var2 = %x\n", var2);

        printf("cur = %d\n", cur);
}

O/P is...
1 
2 
var1 = 0  **
var2 = 2
cur = 0  **

How to avoide the clobbering while using of 8 bit hex??
Any idea abt this??

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=6722

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug regex/6722] sscanf bug when parsing lines from /proc/net/tcp

[jakub at redhat dot com]

------- Additional Comments From jakub at redhat dot com  2008-07-08 07:53 -------
Just check the man page/info libc, for {{,un}signed ,}char %hhx.
Note this bugzilla is for reporting bugs in glibc, not a newbie programmer
help forum.

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=6722

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug regex/6722] sscanf bug when parsing lines from /proc/net/tcp

[lists at roberthogan dot net]

------- Additional Comments From lists at roberthogan dot net  2008-07-08 17:52 -------
(In reply to comment #7)
> Just check the man page/info libc, for {{,un}signed ,}char %hhx.
> Note this bugzilla is for reporting bugs in glibc, not a newbie programmer
> help forum.

Lesson learnt! Apologies for not researching this more thoroughly and thanks to 
all for taking the time to point out my mistake.

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=6722

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.