As far as I can tell, there will be a buffer overrun if the user writes IO_MAXLINE number of characters due to the line:
temp_buf[i + 1] = '\0';
Hi Bjorn,
I don't see the problem here. Could you explain?
Regards,
Carlos
Certainly. I have included the source for clarity.
The temp_buf buffer is IO_MAXLINE characters long [0..IO_MAXLINE-1].
The for loop allows characters to be entered from 0 to IO_MAXLINE-1.
If the input stream provides characters continuously and none of them is a newline '\n', the loop will eventually enter at i = IO_MAXLINE-1.
Following that, the erroneous line will be executed with this value of i.
This results in an end-of-string character '\0' being put at temp_buf[IO_MAXLINE] which is *outside* of the buffer!
This results in either the ap variable or some stack-stored registers (I am not sure of the "direction" of the buffer overrun) getting altered, which, either way, cannot be desirable.
Nonetheless, there is a (potential) buffer overrun and I think it should be removed.
All the best,
Björn
int debug_scanf(const char *fmt_ptr, ...)
{
    char temp_buf[IO_MAXLINE];
    va_list ap;
    uint32_t i;
    char result;

    va_start(ap, fmt_ptr);
    temp_buf[0] = '\0';

    for (i = 0; i < IO_MAXLINE; i++)
    {
        temp_buf[i] = result = debug_getchar();

        if (result == '\n')
        {
            /* End of Line */
            break;
        }

        temp_buf[i + 1] = '\0';
    }

    result = scan_prv(temp_buf, (char *)fmt_ptr, ap);
    va_end(ap);

    return result;
}
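The off-by-one described in the post above, as an added example that is not part of the original thread or of the SDK source: the posted loop is run over a backing array with one guard byte past the logical buffer so the stray write can be observed, next to a bounded reader that reserves the last byte for the terminator. `IO_MAXLINE = 8`, `GUARD`, `fake_getchar` and `read_line_bounded` are constructed for this illustration; this is not the KSDK 1.3 fix, which the thread does not show.

```c
#include <stdio.h>
#include <string.h>

#define IO_MAXLINE 8   /* constructed small value; the SDK's real value is not on the page */
#define GUARD 0x5A     /* marker stored in the byte just past the logical buffer */

static const char *g_input;   /* constructed input, stands in for the debug console */
static int fake_getchar(void) { return *g_input ? *g_input++ : '\n'; }

/* The loop from the post. temp_buf is logically IO_MAXLINE bytes; the extra
 * guard byte makes the write at index IO_MAXLINE observable. Returns 1 if hit. */
static int original_loop_hits_guard(const char *input)
{
    char backing[IO_MAXLINE + 1], result;
    char *temp_buf = backing;
    unsigned i;
    memset(backing, GUARD, sizeof backing);
    g_input = input;
    temp_buf[0] = '\0';
    for (i = 0; i < IO_MAXLINE; i++) {
        temp_buf[i] = result = (char)fake_getchar();
        if (result == '\n') break;
        temp_buf[i + 1] = '\0';   /* i == IO_MAXLINE-1 writes temp_buf[IO_MAXLINE] */
    }
    return backing[IO_MAXLINE] != GUARD;
}

/* Bounded variant: stores at most size-1 characters and always terminates. */
static size_t read_line_bounded(char *buf, size_t size, const char *input)
{
    size_t i = 0;
    if (size == 0) return 0;
    g_input = input;
    while (i + 1 < size) {
        char c = (char)fake_getchar();
        buf[i++] = c;
        if (c == '\n') break;
    }
    buf[i] = '\0';
    return i;
}

int main(void)
{
    char line[IO_MAXLINE];
    printf("original loop, no newline: guard hit = %d\n", original_loop_hits_guard("AAAAAAAAAAAA"));
    printf("bounded reader stored %zu chars\n", read_line_bounded(line, sizeof line, "AAAAAAAAAAAA"));
    return 0;
}
```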
Hi, Bjorn
I apologize for the late response. Are you still having the same issue?
Regards
Patricia
Sorry for the even later response.
What do you mean by "still"? As far as I understand, the code is in error until it is fixed. Have you fixed it?
Hi Bjorn,
This is solved in KSDK1.3.
Thanks for your comments.
Best regards,
Carlos