Mike Bird via tde-devels wrote:
On Mon May 8 2023 23:18:45 deloptes via tde-devels wrote:
Mike Bird via tde-devels wrote:
%as is looking for a float so let's ignore that.
I found out %as means do not store (strip) the terminator \0.
Do you have a man page for that? The test code is not written to handle non-terminated strings. How would it know the lengths?
There is some documentation for the code, but not in this regard.
If we switch back to %s it's looking for a string which would be great except no memory has been allocated for the strings.
The attached works with both gcc and clang but the important thing to remember is NEVER NEVER NEVER use scanf or any variant thereof.
What do you mean it works with gcc? I have Debian with gcc-10 and it does the following:
My test.c attached to my previous email - sorry I should have chosen a different name to avoid confusion - works with gcc-10 and clang-11 in Debian 11.7 Bullseye.
OK, thank you!
$ ./test
String: interpreter usb 0x04b8 0x0142 /usr/lib/esci/libesci-interpreter-perfection-v330 /usr/share/esci/esfwad.bin
vendor 4b8 product 142 library (null) firmware (null)
https://dwheeler.com/secure-programs/Secure-Programs-HOWTO/dangers-c.html
I am not the owner of this code. It was working for the past 6y and, as reported, when compiled last year in Buster it works as well, but now, compiled in Bullseye, it is not working. For me it is not a matter of using it or not, but of a change somewhere, either in gcc (Buster was using gcc-8) or in the libraries.
Also regarding the memory allocated. You are right. It is working if I allocate memory and use %s instead of %as. Why, oh, why?!
Is there some kind of flag or option for the compiler?
%a currently means floating point.
%as used to be a non-standard and incompatible way of asking for memory to be assigned for the strings but it won't work unless you use special flags. The standards-compliant way to assign memory while scanning is %ms.
So a simple fix would be to change %as to %ms but it's hard to get it right - you have to free(3) the allocated memory but only if the sscanf actually allocated some memory. The attached test3.c shows how to do this in this simple case.
--Mike
This was the solution. The code takes care of freeing the memory, but your example is an excellent one.
Thank you
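
Added example, not part of the thread and not the attached test3.c: one way to parse the "interpreter usb ..." line with %ms so that memory is released on full, partial and failed matches alike. The struct and function names are hypothetical, the input line is constructed from the one shown above, and the code assumes a libc that implements the POSIX.1-2008 %m modifier (glibc does).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record for the "interpreter usb ..." line quoted in the thread. */
struct interp {
    unsigned int vendor, product;
    char *library;   /* allocated by sscanf through %ms, or NULL */
    char *firmware;  /* allocated by sscanf through %ms, or NULL */
};

/* Release whatever sscanf allocated; free(NULL) is a no-op, so this is safe
 * after a full match, a partial match, or no match at all. */
void interp_free(struct interp *it)
{
    free(it->library);
    free(it->firmware);
    it->library = it->firmware = NULL;
}

/* Returns 0 when all four fields were converted, -1 otherwise.
 * On failure nothing is left allocated. */
int interp_parse(const char *line, struct interp *it)
{
    /* NULL first: a %ms conversion that never runs leaves its pointer untouched. */
    it->vendor = it->product = 0;
    it->library = it->firmware = NULL;
    int n = sscanf(line, "interpreter usb %x %x %ms %ms",
                   &it->vendor, &it->product, &it->library, &it->firmware);
    if (n != 4) {
        interp_free(it);   /* partial match: library may be set, firmware not */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed input, modelled on the line shown in the thread. */
    const char *line = "interpreter usb 0x04b8 0x0142 "
        "/usr/lib/esci/libesci-interpreter-perfection-v330 /usr/share/esci/esfwad.bin";
    struct interp it;
    if (interp_parse(line, &it) != 0)
        return 1;
    printf("vendor %x product %x library %s firmware %s\n",
           it.vendor, it.product, it.library, it.firmware);
    interp_free(&it);
    return 0;
}
```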