[llvm-commits] [PATCH] Replace use of sscanf with string object operations

Martinez, Javier E javier.e.martinez at intel.com
Fri Oct 12 00:57:18 PDT 2012


Hi Ben,

Thanks for the tip, the changes look much cleaner that way. Can you please review again?

Thanks,
Javier

-----Original Message-----
From: Benjamin Kramer [mailto:benny.kra at gmail.com] 
Sent: Thursday, October 04, 2012 2:15 AM
To: Martinez, Javier E
Cc: llvm-commits at cs.uiuc.edu
Subject: Re: [llvm-commits] [PATCH] Replace use of sscanf with string object operations


On 04.10.2012, at 06:48, "Martinez, Javier E" <javier.e.martinez at intel.com> wrote:

> Hello,
>  
> Attached is a patch to remove the use of sscanf. The misuse of some C string functions such as sscanf can cause a security vulnerability. As discussed in the development mailing list, the preference is to use string objects to manipulate strings instead of the C functions.
>  
> Please review the patch and commit if the changes are ok.


>  Index: lib/Archive/ArchiveReader.cpp
> ===================================================================
> --- lib/Archive/ArchiveReader.cpp	(revision 165159)
> +++ lib/Archive/ArchiveReader.cpp	(working copy)
> @@ -19,6 +19,7 @@
>  #include <cstdio>
>  #include <cstdlib>
>  #include <memory>
> +#include <sstream>
>  using namespace llvm;
>  
>  /// Read a variable-bit-rate encoded unsigned integer @@ -221,9 
> +222,9 @@
>    member->path.set(pathname);
>    member->info.fileSize = MemberSize;
>    member->info.modTime.fromEpochTime(atoi(Hdr->date));
> -  unsigned int mode;
> -  sscanf(Hdr->mode, "%o", &mode);
> -  member->info.mode = mode;
> +  std::istringstream convertString;
> +  convertString.str(Hdr->mode);
> +  convertString >> std::oct >> member->info.mode;

StringRef.getAsInteger is the preferred way to do this in LLVM.

>    member->info.user = atoi(Hdr->uid);
>    member->info.group = atoi(Hdr->gid);
>    member->flags = flags;
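
Review bot: The extraction `convertString >> std::oct >> member->info.mode;` is never checked for failure, so a header whose mode field is not valid octal is accepted silently, as it was with the old sscanf call. Testing the stream state after the extraction, for example `if (!(convertString >> std::oct >> member->info.mode))`, would let a malformed member be reported instead. The old code parsed into a local `unsigned int mode` and then assigned it; extracting straight into member->info.mode makes the parse depend on that field's declared type, which is not visible in this hunk, so keeping the unsigned temporary is the safer form. The atoi(Hdr->date), atoi(Hdr->uid) and atoi(Hdr->gid) calls in the context lines read header fields in the same unchecked way and are left as they are by this patch.
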
> Index: lib/Target/NVPTX/NVPTXAsmPrinter.cpp
> ===================================================================
> --- lib/Target/NVPTX/NVPTXAsmPrinter.cpp	(revision 165150)
> +++ lib/Target/NVPTX/NVPTXAsmPrinter.cpp	(working copy)
> @@ -561,14 +561,19 @@
>  
>    case MachineOperand::MO_ExternalSymbol: {
>      const char * symbname = MO.getSymbolName();
> -    if (strstr(symbname, ".PARAM") == symbname) {
> +    std::string symb(symbname);
> +    if (symb.find(".PARAM") == 0) {

Is strstr really deprecated? Anyways, there is StringRef.startswith that handles this in an elegant and readable way.

>        unsigned index;
> -      sscanf(symbname+6, "%u[];", &index);
> +      symb.replace(0,6,"");
> +      std::istringstream iss(symb);
> +      iss >> index;

StringRef.getAsInteger

>        printParamName(index, O);
>      }
> -    else if (strstr(symbname, ".HLPPARAM") == symbname) {
> +    else if (symb.find(".HLPPARAM") == 0) {
>        unsigned index;
> -      sscanf(symbname+9, "%u[];", &index);
> +      symb.replace(0,9,"");
> +      std::istringstream iss(symb);
> +      iss >> index;

ditto

- Ben

>        O << *CurrentFnSym << "_param_" << index << "_offset";
>      }
>      else
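
Review bot: In both branches `iss >> index;` is unchecked while `unsigned index;` is declared without an initializer, so a symbol with no digits after .PARAM or .HLPPARAM reaches printParamName(index, O) or the `_param_` output without a validated value; test the stream state after the extraction or initialize index. `symb.find(".PARAM") == 0` also searches the whole string when the prefix is absent, where `symb.compare(0, 6, ".PARAM") == 0` is a bounded prefix test. The literal lengths 6 and 9 passed to symb.replace have to be kept in step with the prefix strings by hand, so deriving them from the prefix would remove that coupling.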

-------------- next part --------------
A non-text attachment was scrubbed...
Name: sscanf.patch
Type: application/octet-stream
Size: 1584 bytes
Desc: sscanf.patch
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20121012/17e3abd5/attachment.obj>

