Hi, Cyril
> Hi!
> > > Using sscanf() to fill string buffer is potentially dangerous. You
> > > could either use GNU extension to hardcode maximal buffer length
> > > into the format string or go through the string while you find
> > > whitespace (see isspace()).
> > I'm not sure how to change it, could you give me more details about
> > how to avoid using sscanf()? I always think using sscanf() can solve
> > this question.
>
> Well, the problem with sscanf("%s", buf) is that sscanf() doesn't
> know how long the buffer is, and that may lead to buffer overflow and
> strange and unexpected behavior.
Hmm,
+long long read_meminfo(char *item)
+{
+ FILE *fp;
+ char line[BUFSIZ], buf[BUFSIZ];
+ long long val;
+
+ fp = fopen(PATH_MEMINFO, "r");
+ if (fp == NULL)
+ tst_brkm(TBROK|TERRNO, cleanup, "fopen %s", PATH_MEMINFO);
+ while (fgets(line, BUFSIZ, fp) != NULL) {
+ if (sscanf(line, "%s %lld", buf, &val) == 2)
+ if (strcmp(buf, item) == 0) {
+ fclose(fp);
+ return val;
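Review bot: the sscanf(line, "%s %lld", buf, &val) call inside the fgets() loop has no field width on %s, so it stays in bounds only because buf is declared with the same BUFSIZ size as line and fgets() stores at most BUFSIZ - 1 characters. Give %s an explicit width that matches buf, or copy the key with a bounded loop up to the first whitespace, so that a later change to either array size cannot turn this into an overflow. A short comment on read_meminfo() should also say that item is compared against the whole first token of the line, since strcmp(buf, item) is an exact match.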
In this case, read_meminfo can only read /proc/meminfo.
fgets() reads one line from /proc/meminfo at a time, and the content of
the line would always be like this:
MemTotal: 8080956 kB
and sscanf(line, "%s %lld", buf, &val) can match the item,
so I think it is safe enough to get it.
PTY: it's a little hard for me to use the GNU extension to hardcode the
maximal length.
>
> Generally there are two ways how to fix it. Either use GNU extension
> to hardcode the maximal length of the buffer into the string, eg.
> sscanf("%64s", buf); would say sscanf to use at most 64 bytes of the
> buffer. Or go through the string with while cycle till you find first
> occurrence of whitespace.
>
> --
> Cyril Hrubis
> [email protected]
--
Thanks,
Zhouping Liu
_______________________________________________
Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list
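The two approaches discussed in this thread, written out as an added example that is not part of the original messages or of the LTP patch. KEY_MAX, parse_width(), parse_walk(), lookup() and long_key_is_contained() are names assumed for this sketch, and the input lines are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define KEY_MAX 64 /* assumed size of the key buffer in this example */

/* Way 1: a maximum field width, which standard C sscanf() supports.
 * "%63s" stores at most KEY_MAX - 1 characters plus the terminating NUL. */
int parse_width(const char *line, char key[KEY_MAX], long long *val)
{
	return sscanf(line, "%63s %lld", key, val) == 2;
}

/* Way 2: walk the line up to the first whitespace with a bounded copy.
 * A key that does not fit is rejected rather than truncated. */
int parse_walk(const char *line, char key[KEY_MAX], long long *val)
{
	size_t n = 0;

	while (isspace((unsigned char)*line))
		line++;
	while (line[n] != '\0' && !isspace((unsigned char)line[n])) {
		if (n == KEY_MAX - 1)
			return 0;
		key[n] = line[n];
		n++;
	}
	key[n] = '\0';
	return n > 0 && sscanf(line + n, "%lld", val) == 1;
}

/* Returns the value when the line's first token equals item, else -1. */
long long lookup(const char *line, const char *item, int walk)
{
	char key[KEY_MAX];
	long long val;
	int ok = walk ? parse_walk(line, key, &val) : parse_width(line, key, &val);

	return (ok && strcmp(key, item) == 0) ? val : -1;
}

/* Constructed input: a 200-character key must be rejected by both parsers. */
int long_key_is_contained(void)
{
	char line[256];

	memset(line, 'A', 200);
	strcpy(line + 200, " 42\n");
	return lookup(line, "A", 0) == -1 && lookup(line, "A", 1) == -1;
}
```

With the width form an over-long key is cut at 63 characters, the remaining letters then fail to match %lld, and the line is skipped; the walking form rejects the line as soon as the key reaches the buffer limit.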