On Thu, 16 Feb 2012, Eric Blake wrote: > On 02/16/2012 12:23 PM, malc wrote: > > On Thu, 16 Feb 2012, Michael S. Tsirkin wrote: > > > >> Use scanf instead of manual string scanning. > >> > >> + > >> + /* Parse [[<domain>:]<bus>:]<slot> */ > >> + sscanf(addr, "%x:%x:%x%n", &dom, &bus, &slot, &n); > > > > sscanf can fail. > > Worse, the *scanf family has undefined behavior on integer overflow. If > addr contains "100000000000000:0:0", there's no telling whether it will > be diagnosed as a parse error, or silently accepted and truncated, in > which case, there's no telling what dom will contain. > > I cringe any time I see someone using scanf to parse numbers from > arbitrary user input; I barely tolerate it for parsing things generated > by the kernel, but even there, I won't ever use scanf myself. Same goes > for atoi. _Only_ strtol and friends can robustly parse arbitrary input > into integers.
To whomever wanted to apply this - don't. -- mailto:av1...@comtv.ru
