Hello All, I noticed a bug report ASTERISK-25972,
Looking through the code, we do the following:

    sscanf(string,"%30d",&my_int);

Now the issue is an integer can't hold a number of 30 digits in length; 32-bit ints are safe with 9, and 64-bit with 19. If we set a value of %9d, if there are any more digits after the first 9 they will be lost, but we know the value will be inside the range of an integer.

For single value scans, like reading from config files, we could 'mitigate' by checking the strlen of the value we intend to read before running scanf; if the return is >9, emit a warning stating their value will be truncated and read only the first 9 characters into the integer.

If we use just %d, followed by %n, we can see how many characters have been consumed; if we determine that it would be too large, emit a warning stating that the value is most likely incorrect.

Am I barking up the wrong tree? Thoughts?
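The width-limited scan with a %n truncation check described in the message above, as an added example that is not code from the post or from Asterisk. The function names and the sample inputs are constructed for illustration, and the strtol variant is a swapped-in alternative that the post does not mention.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

enum scan_result { SCAN_OK, SCAN_NO_MATCH, SCAN_TRUNCATED, SCAN_RANGE };

/* Width-limited scan: at most 9 characters are converted, so the result
 * always fits a 32-bit int. %n reports how far the scan got; a digit at
 * that offset means the input was longer than the width and was cut. */
enum scan_result scan_int_width9(const char *s, int *out)
{
    int value = 0, consumed = 0;
    if (sscanf(s, "%9d%n", &value, &consumed) != 1)
        return SCAN_NO_MATCH;
    *out = value;
    if (isdigit((unsigned char)s[consumed]))
        return SCAN_TRUNCATED;   /* caller should warn: value is partial */
    return SCAN_OK;
}

/* Swapped-in alternative (not from the post): strtol signals overflow
 * through errno, so the full int range is accepted and nothing is cut. */
enum scan_result parse_int_strtol(const char *s, int *out)
{
    char *end;
    long value;
    errno = 0;
    value = strtol(s, &end, 10);
    if (end == s)
        return SCAN_NO_MATCH;
    if (errno == ERANGE || value < INT_MIN || value > INT_MAX)
        return SCAN_RANGE;
    *out = (int)value;
    return SCAN_OK;
}

int main(void)
{
    /* Constructed sample inputs, e.g. values read from a config file. */
    const char *samples[] = { "42", "4294967296", "-2147483648", "abc" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int a = 0, b = 0;
        int ra = scan_int_width9(samples[i], &a), rb = parse_int_strtol(samples[i], &b);
        printf("%-12s width9 rc=%d val=%d | strtol rc=%d val=%d\n", samples[i], ra, a, rb, b);
    }
    return 0;
}
```

The width counts the sign character, so the 9-character scan flags a valid "-2147483648" as truncated, while the strtol variant accepts it and rejects only values outside INT_MIN..INT_MAX.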
