bruce@stride.UUCP (Bruce Robertson) (03/26/86)
Description: There is a serious bug in the System V Release 2 Version 2 sscanf() function. This function does its work by creating a fake FILE structure with the _file field set to _NFILE, and the buffer base and count fields delimiting the string that sscanf() is supposed to scan. This works great normally; the getc() macro pulls characters out of the string just fine. When the end of the string is reached, getc() calls the _filbuf() function. The _file field value of _NFILE is *supposed* to tell _filbuf() that this is a fake FILE structure, and just EOF should be returned. Unfortunately, _filbuf() neglects this little detail, and tries to do all sorts of nasty things to the fake FILE structure. sscanf() stomps on this bug if there are more format descriptors in the format string than there are fields in the string that it is scanning. Come on guys, Berkeley got this right, though in a slightly different fashion!

Repeat-By: sscanf("a b c d", "%s %s %s %s %s", &a, &b, &c, &d, &e);

Fix:

*** /usr/src/lib/libc/port/stdio/filbuf.c-old Tue Mar 25 21:23:23 1986 --- /usr/src/lib/libc/port/stdio/filbuf.c Tue Mar 25 21:23:24 1986 *************** *** 14,19 { register FILE *diop; if (iop->_base == NULL) /* get buffer if we don't have one */ _findbuf(iop); --- 14,22 ----- { register FILE *diop; + if ((iop->_flag & _IOEOF) || iop->_file == _NFILE) + return EOF; + if (iop->_base == NULL) /* get buffer if we don't have one */ _findbuf(iop);

--
Bruce Robertson
UUCP: cbosgd!utah-cs!utah-gr!stride!bruce
ARPA: stride!bruce@utah-gr.arpa
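
Review bot: the new test at the top of _filbuf() ORs two unrelated conditions, and only `iop->_file == _NFILE` is justified by the description. The `iop->_flag & _IOEOF` term applies to every stream, so any FILE that already has the EOF flag set now returns EOF from here before the buffer code below is reached. If that change for real descriptors is intended, it should be called out in the report and given its own comment; otherwise narrow the condition to the _NFILE case. The early return also has no comment, unlike the `_findbuf(iop)` line below it; a one-line note that _NFILE marks the string-backed FILE built by sscanf() would keep a later reader from removing the check.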
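
A small C model of the mechanism the description lays out, added here as an example and not code from the post or from System V. The struct, the MINI_* constants, mini_getc and mini_filbuf are hypothetical simplified stand-ins, and refilling from a real descriptor is not modelled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MINI_NFILE 20    /* assumed sentinel: one past the last real descriptor */
#define MINI_IOEOF 0x10  /* assumed end-of-file flag bit */
static int refills;      /* how often the slow path was entered */

struct mini_file {             /* simplified stand-in for the old FILE layout */
    int cnt;                   /* bytes left in the buffer */
    const unsigned char *ptr;  /* next byte to hand out */
    int flag;
    int file;                  /* descriptor, or MINI_NFILE for a string */
};

/* Slow path: a string-backed stream has nothing to refill from, so stop here. */
static int mini_filbuf(struct mini_file *iop)
{
    refills++;
    if ((iop->flag & MINI_IOEOF) || iop->file == MINI_NFILE) {
        iop->cnt = 0;          /* undo mini_getc's decrement (this model's choice) */
        return EOF;
    }
    iop->flag |= MINI_IOEOF;   /* a real descriptor would be read here; not modelled */
    return EOF;
}

#define mini_getc(p) (--(p)->cnt < 0 ? mini_filbuf(p) : (int)*(p)->ptr++)

/* Scan up to `wanted` whitespace-separated fields; return how many were found. */
static int count_fields(const char *s, int wanted)
{
    struct mini_file f = { (int)strlen(s), (const unsigned char *)s, 0, MINI_NFILE };
    int c, found = 0;
    while (found < wanted) {
        while ((c = mini_getc(&f)) != EOF && isspace(c))
            ;                  /* skip leading white space */
        if (c == EOF)
            break;             /* more conversions than fields: stop cleanly */
        found++;
        while ((c = mini_getc(&f)) != EOF && !isspace(c))
            ;                  /* consume the rest of the field */
    }
    return found;
}

int main(void)
{
    int n = count_fields("a b c d", 5);  /* Repeat-By input: 5 conversions, 4 fields */
    printf("%d fields, %d refill calls\n", n, refills);
    return 0;
}
```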