On 01/22/2014 02:21 PM, Eric Blake wrote:
> On 01/22/2014 12:05 PM, John Ferlan wrote:
>> A new version of Coverity found a number of issues:
>>
>
>> @@ -1415,7 +1418,7 @@ static int parse_ip_address(const char *id,
>> if (strstr(id, "[") != NULL) {
>> /* its an ipv6 address */
>> ret = sscanf(id, "%a[^]]]:%as", &tmp_ip, &tmp_port);
>
> Unrelated to your cleanups, but also a problem: This use of sscanf is
> non-portable, and very likely to crash on non-glibc. %a in C99 means to
> scan a floating point number (similar to %f), which is _very different_
> from glibc's older meaning of malloc'ing into the destination. %m is
> the preferred spelling for the intent of the code here.
>
If you have seen my 0/6 update - I sent to the wrong list.
As for the portability - suffice to say the libvirt-cim code is nowhere
near as clean as libvirt (and friends). It's code that doesn't see a lot
of change...
Thanks for the heads up though - I will follow up there with a change to
use %m rather than %a. I read the man page and did wonder how/why %a
was used, but didn't dig into when the code was added.
John
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list