commit a0ae80788cc12284cd63ac678318f95e1238b257 Author: Nick Mathewson nickm@torproject.org Date: Fri Jul 1 11:26:30 2011 -0400
Replace 4 more sscanf()s with tor_sscanf()
For some inexplicable reason, Coverity departs from its usual standards of avoiding false positives here, and warns about all sscanf usage, even when the formatting strings are totally safe.
Addresses CID # 447, 446. --- changes/cov217_scanf | 5 +++++ src/common/compat_libevent.c | 4 ++-- src/or/geoip.c | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/changes/cov217_scanf b/changes/cov217_scanf
new file mode 100644
index 0000000..368bca8
--- /dev/null
+++ b/changes/cov217_scanf
@@ -0,0 +1,5 @@
+ o Code simplification and refactoring:
+ - Use tor_sscanf in place of scanf in more places through the
+ code. This makes us a little more locale-independent, and
+ should help shut up code-analysis tools that can't tell
+ a safe sscanf string from a dangerous one.
diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c
index e0c7e3a..c338dd6 100644
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@@ -264,7 +264,7 @@ tor_decode_libevent_version(const char *v)
/* Try the new preferred "1.4.11-stable" format. * Also accept "1.4.14b-stable". */ - fields = sscanf(v, "%u.%u.%u%c%c", &major, &minor, &patchlevel, &c, &e); + fields = tor_sscanf(v, "%u.%u.%u%c%c", &major, &minor, &patchlevel, &c, &e); if (fields == 3 || ((fields == 4 || fields == 5 ) && (c == '-' || c == '_')) || (fields == 5 && TOR_ISALPHA(c) && (e == '-' || e == '_'))) { @@ -272,7 +272,7 @@ tor_decode_libevent_version(const char *v) }
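Review bot: Nothing in this commit exercises the two tor_sscanf calls in tor_decode_libevent_version (this one and the old-format call in the next hunk); the diffstat lists only the changelog and the two source files. The branches depend on the exact conversion count (`fields == 3`, `fields == 4 || fields == 5`), so swapping the parser deserves a regression test that feeds the strings named in the comments, "1.4.11-stable", "1.4.14b-stable" and "1.3e", and checks the decoded version. If tor_sscanf counts `%c` or handles a sign differently from libc, that test would catch it instead of a silent misdetection of the libevent version. The function starts and ends outside the hunk.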
/* Try the old "1.3e" format. */ - fields = sscanf(v, "%u.%u%c%c", &major, &minor, &c, &extra); + fields = tor_sscanf(v, "%u.%u%c%c", &major, &minor, &c, &extra); if (fields == 3 && TOR_ISALPHA(c)) { return V_OLD(major, minor, c); } else if (fields == 2) { diff --git a/src/or/geoip.c b/src/or/geoip.c index 59490bd..62c7a5c 100644 --- a/src/or/geoip.c +++ b/src/or/geoip.c @@ -116,10 +116,10 @@ geoip_parse_entry(const char *line) ++line; if (*line == '#') return 0; - if (sscanf(line,"%u,%u,%2s", &low, &high, b) == 3) { + if (tor_sscanf(line,"%u,%u,%2s", &low, &high, b) == 3) { geoip_add_entry(low, high, b); return 0; - } else if (sscanf(line,""%u","%u","%2s",", &low, &high, b) == 3) { + } else if (tor_sscanf(line,""%u","%u","%2s",", &low, &high, b) == 3) { geoip_add_entry(low, high, b); return 0; } else {
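Review bot: The fourth conversion in the old-format call writes `extra`, which the visible branches never read; it appears to exist only so that trailing characters push the count to 4 and fail both `fields == 3` and `fields == 2`. That intent is worth stating next to the call, e.g. `/* extra only detects trailing junk: "1.3ez" gives fields == 4 and is rejected here. */`. The else-chain continues outside the hunk, so confirm that no later branch accepts a count of 4.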
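Review bot: Both tor_sscanf calls in geoip_parse_entry may now reject lines that libc sscanf accepted: as I understand tor_sscanf, `%u` does not skip leading whitespace or accept a sign, so an entry with a space after a comma would fall into the `else` branch. If that strictness is intended, say so above the first call, e.g. `/* tor_sscanf is strict: no whitespace or sign before %u, so entries must be exactly LOW,HIGH,CC. */`. The `%2s` conversion stores two characters plus a NUL, so `b` must be at least 3 bytes; its declaration is outside the hunk and should be checked. The function body begins before and ends after this hunk.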