Re: sscanf() safety

Discussion in 'C Programming' started by Barry Schwarz, Dec 24, 2010.

  1. On Thu, 23 Dec 2010 23:20:54 +0530, Cross <> wrote:

    >Hello
    >
    >I am working on an rtf renderer and parser. My code is hosted at
    >http://code.google.com/p/ertf . I tried kcachegrind on my binaries and found
    >that getc() is taking a lot of time. Obviously, character read from files is
    >slow. So, I decided to read the whole file into memory as a char buffer. Please
    >feel free to comment and suggest on the following code. Now, I want to scan the
    >char buffer using sscanf(). However, I remember once I heard in a chat room that
    >sscanf() has buffer overflow vulnerabilities. I would like pointers on this and
    >would like to know how I can use sscanf() safely.
    >
    >if(!fp){
    > fprintf(stderr, "File pointer uninitialized.\n");
    > goto close_strbuf;
    > }
    >
    > while((count = fread(cp, 1, 4096, fp))){
    > if(feof(fp))break;


    There are other reasons besides end of file that will cause fread to
    stop prior to reading all 4096 bytes requested.

    > strbuf_append(buf, cp);


    Since cp needs to be zero terminated (see assignment statement below),
    how do you insure that cp[4096] is '\0'?

    > }
    > cp[count] = '\0';


    Are you sure that the file will never contain a '\0'?

    > strbuf_append(buf, cp);
    > fclose(fp);
    >
    >--- news://freenews.netfront.net/ - complaints: ---


    --
    Remove del for email
    Barry Schwarz, Dec 24, 2010
    #1

  2. On Fri, 24 Dec 2010 23:29:51 +0530, Cross <> wrote:

    >On 12/24/2010 05:50 AM, Barry Schwarz wrote:
    >> On Thu, 23 Dec 2010 23:20:54 +0530, Cross<> wrote:
    >>
    >>> Hello
    >>>
    >>> I am working on an rtf renderer and parser. My code is hosted at
    >>> http://code.google.com/p/ertf . I tried kcachegrind on my binaries and found
    >>> that getc() is taking a lot of time. Obviously, character read from files is
    >>> slow. So, I decided to read the whole file into memory as a char buffer. Please
    >>> feel free to comment and suggest on the following code. Now, I want to scan the
    >>> char buffer using sscanf(). However, I remember once I heard in a chat room that
    >>> sscanf() has buffer overflow vulnerabilities. I would like pointers on this and
    >>> would like to know how I can use sscanf() safely.
    >>>
    >>> if(!fp){
    >>> fprintf(stderr, "File pointer uninitialized.\n");
    >>> goto close_strbuf;
    >>> }
    >>>
    >>> while((count = fread(cp, 1, 4096, fp))){
    >>> if(feof(fp))break;

    >>
    >> There are other reasons besides end of file that will cause fread to
    >> stop prior to reading all 4096 bytes requested.
    >>
    >>> strbuf_append(buf, cp);

    >>
    >> Since cp needs to be zero terminated (see assignment statement below),
    >> how do you insure that cp[4096] is '\0'?
    >>
    >>> }
    >>> cp[count] = '\0';

    >>
    >> Are you sure that the file will never contain a '\0'?

    >Interesting possibility. I would like to know how to handle that.


    One way would be to eliminate the implicit assumption that the data
    read from the file can be treated as a single string. You might need
    to pass some additional or slightly modified arguments to
    strbuf_append but memcpy could provide the heavy lifting.

    >>
    >>> strbuf_append(buf, cp);
    >>> fclose(fp);
    >>>
    >>> --- news://freenews.netfront.net/ - complaints: ---

    >>

    >
    >
    >--- news://freenews.netfront.net/ - complaints: ---


    --
    Remove del for email
    Barry Schwarz, Dec 24, 2010
    #2
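
The length-counted approach suggested in the reply above, as an added example that is not part of the original thread or of the ertf code: `struct bytebuf`, `bytebuf_append` and `read_all` are hypothetical names (the thread's `strbuf_append` is not shown). The buffer carries an explicit length, so short reads and embedded '\0' bytes are copied with memcpy instead of being treated as a string.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-counted buffer; the thread's strbuf type is not shown. */
struct bytebuf { unsigned char *data; size_t len, cap; };

/* Append n raw bytes from src (no terminator assumed). 0 on success, -1 on failure. */
int bytebuf_append(struct bytebuf *b, const void *src, size_t n)
{
    if (n == 0) return 0;
    if (n > SIZE_MAX - b->len) return -1;   /* length would overflow size_t */
    if (b->len + n > b->cap) {
        size_t ncap = b->len + n;
        if (ncap <= SIZE_MAX / 2)
            ncap *= 2;                      /* grow geometrically */
        unsigned char *p = realloc(b->data, ncap);
        if (!p)
            return -1;                      /* old buffer is still valid */
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);       /* copies '\0' bytes like any other */
    b->len += n;
    return 0;
}

/* Read fp to end of file into out. 0 on success, -1 on read or allocation error. */
int read_all(FILE *fp, struct bytebuf *out)
{
    unsigned char chunk[4096];
    size_t count;
    while ((count = fread(chunk, 1, sizeof chunk, fp)) > 0) {
        /* Use exactly the count fread returned; a short read is not an error. */
        if (bytebuf_append(out, chunk, count) != 0)
            return -1;
    }
    /* fread returned 0: distinguish a real end of file from an I/O error. */
    return ferror(fp) ? -1 : 0;
}

int main(void)
{
    struct bytebuf b = {0};
    int rc = read_all(stdin, &b);
    printf("%zu bytes read, rc=%d\n", b.len, rc);
    free(b.data);
    return rc ? 1 : 0;
}
```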
