Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Check return value of sscanf() #100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
wolkykim merged 1 commit into from
Jul 8, 2023
Merged

Check return value of sscanf() #100

wolkykim merged 1 commit into from
Jul 8, 2023

Conversation

@szsam
Copy link
Contributor

@szsam szsam commented Jun 5, 2023

The variable recvsize is read, but may not have been written. It should be guarded by a check that the call to sscanf returns at least 1.

@szsam
Check return value of sscanf()
9b1a079 
The variable recvsize is read, but may not have been written. It should be
guarded by a check that the call to sscanf returns at least 1.
@Hojun-Cho
Copy link
Contributor

Hojun-Cho commented Jul 8, 2023

I don't think this is a 'should'. - if 'gets_' returned a value of 0 or less, then break the loop. If not, buf contains something.

            char buf[64];
            if (gets_(client, buf, sizeof(buf)) <= 0)
                break;

            // parse chunk size
            unsigned int recvsize;  // this time chunk size
            sscanf(buf, "%x", &recvsize);
            if (recvsize == 0) {
                // end of transfer
                completed = true;
            }

@wolkykim
Copy link
Owner

wolkykim commented Jul 8, 2023
edited
Loading

@szsam Thanks for bringing this up, but as @Hojun-Cho mentioned above, there is no good reason to use CPU clocks for checking the return value of sscanf(). Please let me know if you have other thoughts.

@szsam
Copy link
Contributor Author

szsam commented Jul 8, 2023

if 'gets_' returned a value of 0 or less, then break the loop. If not, buf contains something.

"buf contains something" does not necessarily mean the sscanf call will succeed. E.g. the buf may contain "GGGGG" -- an invalid hex number.

Moreover, recvsize is not initialized. If we do not want to check the return value of sscanf anyway, we should at least initialize recvsize to 0.

@wolkykim wolkykim merged commit 4b15cfb into wolkykim:master Jul 8, 2023
@wolkykim
Copy link
Owner

wolkykim commented Jul 8, 2023

Looking at this issue closely again. You are absolutely right. Thanks for the PR. Merged in.

@b4yuan b4yuan mentioned this pull request Nov 30, 2023
Open
@b4yuan b4yuan mentioned this pull request Feb 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@szsam @Hojun-Cho @wolkykim