当前位置：网站首页>Sscanf caused the address to be out of bounds

Sscanf caused the address to be out of bounds

2022-07-27 21:02:00 【Li-Yongjun】

problem

test.c

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    
	int a = 100;
	uint8_t b;

	sscanf("0x15", "0x%x", &b);

	printf("a = 0x%x\n", a);
	printf("b = 0x%x\n", b);

	return EXIT_SUCCESS;
}

$ ./test.out 
a = 0x0
b = 0x15

a Why does the value of become 0 What about it ？

answer

because sscanf In giving b assignment , Because the specified parameter format is %x, therefore sscanf Think b It's a unsigned int type , So the &b Transformed into unsigned int * type , This is giving b assignment , According to unsigned int Such a large space for assignment , As a result, the memory of other variables is manipulated , Cause program problems .
The figure below a) It's what we expect , But because of “%x”, Lead to &b “ Control and control ” The space of is expanded from one byte to four bytes ,“ Embezzlement ” Variable a Space , Pictured b), Lead to a The value of is tampered with .
Insert picture description here

avoid

Actually at compile time , The compiler has already issued a warning . So when we write code , Always pay attention to the warnings reported by the compiler , It can help us correct many mistakes .
therefore , One principle of submitting code is ： Try not to introduce new warnings .

$ gcc test.c -o test.out
test.c: In function ‘main’:
test.c:10:21: warning: format ‘%x’ expects argument of type ‘unsigned int *’, but argument 3 has type ‘uint8_t *’ {
    aka ‘unsigned char *’} [-Wformat=]
   10 |  sscanf("0x15", "0x%x", &b);
      |                    ~^   ~~
      |                     |   |
      |                     |   uint8_t * {
    aka unsigned char *}
      |                     unsigned int *
      |                    %hhx

Recommend writing

Method 1 ： Use "%hhx"

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    
	int a = 100;
	uint8_t b;

	sscanf("0x15", "0x%hhx", &b);

	printf("a = 0x%x\n", a);
	printf("b = 0x%x\n", b);

	return EXIT_SUCCESS;
}

$ ./test.out 
a = 0x64
b = 0x15

Method 2 ： Use int Dump intermediate variables of type .

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    
	int a = 100;
	uint8_t b;
    int c;

	sscanf("0x15", "0x%x", &c);
    b = (uint8_t)c;

	printf("a = 0x%x\n", a);
	printf("b = 0x%x\n", b);

	return EXIT_SUCCESS;
}