Date: Thu, 14 Mar 2019 14:34:21 +0000
From: Pascal Cuoq <>
To: "" <>
CC: Natanael ncopa Copa <>, Marian Buschsieweke
Subject: Re: segfault on sscanf


> On 14 Mar 2019, at 14:29, Szabolcs Nagy <> wrote:
> * A. Wilcox <> [2019-03-14 07:44:55 -0500]:
>> On Mar 14, 2019, at 4:46 AM, Marian Buschsieweke <> wrote:
>>> running pdflatex on Alpine Linux for a specific document resulted in a
>>> segfault, which I could trace down to a specific call to sscanf. This is a
>>> minimum example to reproduce that segfault:
>>>   #include <stdio.h>
>>>   int main(void) {
>>>       const char *too_parse = "0 1 -1 0";
>>>       double f1,f2,f3,f4;
>>>       char dummy;
>>>       sscanf(too_parse, " %lf %lf %lf %lf %c", &f1, &f2, &f3, &f4, &dummy);
>>>       printf("f1=%f, f2=%f, f3=%f, f4=%f, dummy=\"%c\"\n", f1, f2, f3, f4, dummy);
>>>       return 0;
>>>   }
>> Hi Marian,
>> In your example you have four fields, but sscanf is looking for five. You have run off the end of the string. This is illegal/UB.  Is this intentional in your test case?
> the example does not look undefined to me.
>  The sscanf function returns the value of the macro EOF if an input
>  failure occurs before the first conversion (if any) has completed.
>  Otherwise, the sscanf function returns the number of input items
>  assigned, which can be fewer than provided for, or even zero, in
>  the event of an early matching failure.
> invalid format specifier, invalid argument type or overflow during
> conversion would be undefined, but input parsing error is not.

Years of efforts have been poured into this quick online checker for UB in C snippets, and it doesn't think there's UB in the sscanf call, either:

The call to printf is UB, because the variable dummy has been left uninitialized.
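
An added example, not part of the original message or of any project's code: a caller that uses the sscanf return value described in the quoted standard text to decide which outputs were assigned, so that dummy is never read while uninitialized. The names parse_four and parse_status and all sample strings except the first are constructed for illustration.

```c
#include <stdio.h>

/* Hypothetical names, constructed for this example. */
enum parse_status { PARSE_OK, PARSE_TRAILING, PARSE_SHORT, PARSE_EMPTY };

/* Parse four doubles; *assigned receives sscanf's raw return value. */
static enum parse_status parse_four(const char *s, double out[4], int *assigned)
{
    double f[4] = { 0.0, 0.0, 0.0, 0.0 };
    char dummy = '\0';  /* initialized, so it is never read while indeterminate */
    int n = sscanf(s, " %lf %lf %lf %lf %c", &f[0], &f[1], &f[2], &f[3], &dummy);

    *assigned = n;
    if (n == EOF)       /* input failure before the first conversion */
        return PARSE_EMPTY;
    if (n < 4)          /* early matching or input failure */
        return PARSE_SHORT;
    for (int i = 0; i < 4; i++)
        out[i] = f[i];  /* publish values only once all four were assigned */
    return n == 5 ? PARSE_TRAILING : PARSE_OK;
}

int main(void)
{
    /* Constructed sample inputs; the first is the string from the report. */
    const char *samples[] = { "0 1 -1 0", "0 1 -1 0 x", "0 1", "", "abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        double m[4];
        int n;
        enum parse_status st = parse_four(samples[i], m, &n);
        printf("\"%s\": sscanf returned %d, status %d\n", samples[i], n, (int)st);
    }
    return 0;
}
```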

