Bug#1337: Improper use of sscanf in procps
The patch which replaces the %40c format with %39s sometimes doesn't
do the right thing: if the command name contains whitespace, it will
be truncated (according to the scanf man page, the %s format "matches
a sequence of non-white-space characters"). I suggest applying the
patch below.
BTW, this bug also sometimes causes strange output for zombie processes:
the pid and uid fields containing garbage. After converting the strange
pid value to hex and each byte to ASCII, this is "ie>\0". This is caused
by strcat() adding " <zombie>" to the string which is too long (not NUL-
terminated) and overwriting other fields in the structure. Not good...
Marek
diff -urN procps-0.97.orig/snap.c procps-0.97/snap.c
--- procps-0.97.orig/snap.c Sun Sep 25 19:46:21 1994
+++ procps-0.97/snap.c Thu Oct 19 21:33:56 1995
@@ -35,7 +35,8 @@
;
*tmp='\0';
/* Now we can parse these two strings separately */
- sscanf(S, "%d %40c", &P->pid, P->cmd);
+ memset(P->cmd, 0, sizeof(P->cmd);
+ sscanf(S, "%d %39c", &P->pid, P->cmd); /* sizeof(P->cmd) == 40 */
sscanf(tmp+1, "%c %d %d %d %d %d %u %u %u %u %u %d %d %d %d %d %d %u %u "
"%d %u %u %u %u %u %u %u %u %d %d %d %d %u",
&P->state, &P->ppid, &P->pgrp, &P->session, &P->tty, &P->tpgid,
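Review bot: The added memset line is missing a closing parenthesis, `memset(P->cmd, 0, sizeof(P->cmd);`, so snap.c will not compile as posted; it should read `memset(P->cmd, 0, sizeof(P->cmd));`. The width 39 in the new format is tied to the buffer size only by the trailing comment, so a matching note at the declaration of cmd would help keep the two in step if the size ever changes. The return value of the sscanf on S is still not checked, so a line that does not begin with a number leaves P->pid unset while parsing continues.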
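The three formats discussed in the report, side by side, as an added example that is not part of the original message or of procps: `%40c` as in the removed line, `%39s` as in the earlier patch, and `%39c` into a zeroed buffer as in this patch. `struct rec`, `parse`, `cmd_len` and both input strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CMD_LEN 40   /* the patch comment gives sizeof(P->cmd) == 40 */

/* Hypothetical stand-in for the record filled from a stat line. */
struct rec { int pid; char cmd[CMD_LEN]; };

enum fmt { FMT_40C, FMT_39S, FMT_39C };

/* Length of cmd without reading past the field; CMD_LEN means no NUL was
   found, i.e. a later strcat() would write beyond cmd. */
static size_t cmd_len(const struct rec *r)
{
    const char *z = memchr(r->cmd, '\0', sizeof r->cmd);
    return z ? (size_t)(z - r->cmd) : sizeof r->cmd;
}

/* Parse "<pid> <name>" into a zeroed record with one of the three formats. */
static size_t parse(enum fmt f, const char *in, struct rec *r)
{
    memset(r, 0, sizeof *r);
    switch (f) {
    case FMT_40C: sscanf(in, "%d %40c", &r->pid, r->cmd); break; /* %c never writes a NUL */
    case FMT_39S: sscanf(in, "%d %39s", &r->pid, r->cmd); break; /* stops at whitespace */
    case FMT_39C: sscanf(in, "%d %39c", &r->pid, r->cmd); break; /* cmd[39] stays 0 */
    }
    return cmd_len(r);
}

/* Constructed inputs: a 45-character name and a name containing a space. */
static const char LONG_NAME[] = "42 aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeee";
static const char SPACED[]    = "42 my prog";

int main(void)
{
    static const char *label[] = { "%40c", "%39s", "%39c" };
    struct rec r;
    for (int f = FMT_40C; f <= FMT_39C; f++) {
        size_t n = parse((enum fmt)f, LONG_NAME, &r);
        printf("%s long name: %zu bytes%s\n", label[f], n,
               n == CMD_LEN ? " (no terminator)" : "");
        parse((enum fmt)f, SPACED, &r);
        printf("%s spaced name: \"%s\"\n", label[f], r.cmd);
    }
    return 0;
}
```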