
Bug#1337: Improper use of sscanf in procps

The patch which replaces the %40c format with %39s sometimes doesn't
do the right thing: if the command name contains whitespace, it will
be truncated (according to the scanf man page, the %s format "matches
a sequence of non-white-space characters").  I suggest applying the
patch below.

BTW, this bug also sometimes causes strange output for zombie processes:
the pid and uid fields contain garbage.  After converting the strange
pid value to hex and each byte to ASCII, this is "ie>\0".  This is caused
by strcat() adding " <zombie>" to the string which is too long (not
NUL-terminated) and overwriting other fields in the structure.  Not good...


diff -urN procps-0.97.orig/snap.c procps-0.97/snap.c
--- procps-0.97.orig/snap.c	Sun Sep 25 19:46:21 1994
+++ procps-0.97/snap.c	Thu Oct 19 21:33:56 1995
@@ -35,7 +35,8 @@
     /* Now we can parse these two strings separately */
-    sscanf(S, "%d %40c", &P->pid, P->cmd);
+    memset(P->cmd, 0, sizeof(P->cmd);
+    sscanf(S, "%d %39c", &P->pid, P->cmd);  /* sizeof(P->cmd) == 40 */
     sscanf(tmp+1, "%c %d %d %d %d %d %u %u %u %u %u %d %d %d %d %d %d %u %u "
                   "%d %u %u %u %u %u %u %u %u %d %d %d %d %u",
            &P->state, &P->ppid, &P->pgrp, &P->session, &P->tty, &P->tpgid,
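Review bot: the added memset line is missing its closing parenthesis; `memset(P->cmd, 0, sizeof(P->cmd);` will not compile and should read `memset(P->cmd, 0, sizeof(P->cmd));`. With that fixed, zeroing the buffer before `%39c` guarantees that cmd[39] stays NUL, which is what keeps the later strcat() of " <zombie>" inside the buffer instead of running into the pid and uid fields. The trailing comment `sizeof(P->cmd) == 40` is the only thing tying the width 39 to the array size; deriving the width from the same constant as the array (a macro used for both) would stop the two from drifting apart in a later edit.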

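The three formats discussed in the report, side by side, as an added example that is not procps code and not part of the bug report. It assumes a cut-down entry structure with a 40-byte cmd buffer (mirroring the `sizeof(P->cmd) == 40` comment in the patch) followed by a uid field, uses constructed "pid (comm)" strings rather than real /proc data, and adds a parenthesis-delimited parser and a bounded replacement for the `strcat(" <zombie>")` as alternatives of its own, not as the patch's approach:

```c
#include <stdio.h>
#include <string.h>

#define CMD_LEN    40            /* assumption: mirrors the patch's sizeof(P->cmd) == 40 */
#define ZOMBIE_TAG " <zombie>"   /* the suffix the report says strcat() appends */

/* Hypothetical cut-down entry: cmd is followed by another field, so an
 * overflow of cmd lands in uid, which matches the garbage the report saw. */
struct proc_entry {
    int  pid;
    char cmd[CMD_LEN];
    int  uid;
};

/* Constructed sample "pid (comm)" strings, not taken from a real /proc. */
static const char SAMPLE_SHORT[] = "1337 (my prog)";
static const char SAMPLE_LONG[]  = "1337 (a command name of forty or more characters)";

/* "%39s": stops at the first whitespace, so "(my prog)" becomes "(my". */
int parse_with_s(const char *line, struct proc_entry *p)
{
    memset(p, 0, sizeof *p);
    return sscanf(line, "%d %39s", &p->pid, p->cmd);
}

/* The original "%40c": copies exactly 40 bytes when that many are present,
 * so a long name fills cmd completely and leaves no NUL terminator. */
int parse_with_40c(const char *line, struct proc_entry *p)
{
    memset(p, 0, sizeof *p);
    return sscanf(line, "%d %40c", &p->pid, p->cmd);
}

/* The patch: zero the buffer first, then read at most 39 bytes, so cmd[39]
 * is always NUL. (For names shorter than 39 bytes glibc stores the partial
 * read; the C standard only promises %c for exactly `width` bytes.) */
int parse_with_39c(const char *line, struct proc_entry *p)
{
    memset(p, 0, sizeof *p);
    return sscanf(line, "%d %39c", &p->pid, p->cmd);
}

/* Swapped-in alternative, not the patch's approach: take everything from the
 * first '(' to the last ')', so spaces in the name survive and the length is
 * bounded by the copy rather than by a scanf width. */
int parse_by_parens(const char *line, struct proc_entry *p)
{
    const char *lp, *rp;
    size_t len;
    memset(p, 0, sizeof *p);
    if (sscanf(line, "%d", &p->pid) != 1)
        return 0;
    lp = strchr(line, '(');
    rp = strrchr(line, ')');
    if (lp == NULL || rp == NULL || rp < lp)
        return 0;
    len = (size_t)(rp - lp) + 1;             /* both parentheses included */
    if (len > CMD_LEN - 1)
        len = CMD_LEN - 1;                   /* truncate; cmd[CMD_LEN-1] stays NUL */
    memcpy(p->cmd, lp, len);
    return 1;
}

/* 1 if cmd contains a NUL within its CMD_LEN bytes, i.e. str* calls are safe. */
int cmd_is_terminated(const struct proc_entry *p)
{
    return memchr(p->cmd, '\0', CMD_LEN) != NULL;
}

/* Bounded replacement for strcat(P->cmd, " <zombie>"): refuses when cmd is
 * unterminated or the tag would not fit, instead of writing past cmd into
 * the neighbouring fields. Returns 1 if the tag was appended, 0 otherwise. */
int append_zombie_tag(struct proc_entry *p)
{
    size_t used, tag = strlen(ZOMBIE_TAG);
    if (!cmd_is_terminated(p))
        return 0;
    used = strlen(p->cmd);
    if (used + tag + 1 > CMD_LEN)
        return 0;
    memcpy(p->cmd + used, ZOMBIE_TAG, tag + 1);   /* copies the NUL too */
    return 1;
}

int main(void)
{
    struct proc_entry e;
    parse_with_s(SAMPLE_SHORT, &e);
    printf("%%39s  : \"%s\"\n", e.cmd);
    parse_with_40c(SAMPLE_LONG, &e);
    printf("%%40c  : terminated=%d\n", cmd_is_terminated(&e));
    parse_with_39c(SAMPLE_LONG, &e);
    printf("%%39c  : \"%s\" (%zu bytes)\n", e.cmd, strlen(e.cmd));
    parse_by_parens(SAMPLE_SHORT, &e);
    append_zombie_tag(&e);
    printf("parens: \"%s\"\n", e.cmd);
    return 0;
}
```

The `%40c` case is the report's root cause in miniature: the buffer is full, nothing inside it is NUL, and any `str*` call on it reads and writes past the end. `cmd_is_terminated()` is the check that the unbounded `strcat()` lacked; `append_zombie_tag()` applies it before touching the buffer.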