gpsd-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gpsd-dev] [PATCH] Add Windows versions of time related functions.

From: Gary E. Miller
Subject: Re: [gpsd-dev] [PATCH] Add Windows versions of time related functions.
Date: Fri, 18 Mar 2016 19:55:54 -0700 
Yo Hal!

On Fri, 18 Mar 2016 19:16:55 -0700
Hal Murray <address@hidden> wrote:

> address@hidden said:
> > sscanf() is very touchy and segfaults when you glance at it
> > sideays.   

> Does it segfault trying to read the input string or trying to write a
> string result?

2 problems.  

First, if the input to sscanf() is not exactly what sscanf() is
expecting, it often segfaults.

Second, getting the proper types matched up for the destination
pointers is really hard to do over multiple OS.

Check out how NetBSD does it:


http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/time/strptime.c?rev=HEAD

No sscanf() in there.  That is likely overkill for the needed functions.

> For simple fixed format strings, is it possible to use sscanf with a
> safe format string?  If so, is it possible to automatically verify
> that the format string is safe?

I've never seen a bullet proof use of sscanf() in the wild.  It
certainly caused problems for gpsd in the past.  Once you do all the
work to validate the sscanf() input you have done more work than if you
just parsed it yourself.

The string to be parsed is pretty simple: "%u-%u-%uT%u:%u:%lf"

Just split up the string into 6 parts, using dash, T and colon
as delimiters.  Then just use atoi() on the 6 parts, and range check
the results.  Easy, and hard to break.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        address@hidden  Tel:+1 541 382 8588

Attachment: pgpmWa8XnYZ6w.pgp
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]