tech-misc archive


Re: Bug in TRE regular expression library



On 20.07.2010 21:58, der Mouse wrote:

>> scanf ("*%s");
> 
> While I can't see it as being your problem,

It surely is not my problem nor the point I wanted to draw attention
to. The focus is solely on the TRE regex functions.

Still, thanks for pointing this out. I never put any thought into these
scanf arguments, simply because they serve a single purpose: Stop the
application so I can read its output and press any key to quit quickly.
Works fine for me here.

I am sorry to say that I am not much concerned about any problems this
key press might cause elsewhere, as this is not a working application
but some simple code to demonstrate a problem somewhere else, possibly
in production code.

But if you'd like to suggest a proper way to achieve this objective, I'd
be eager to learn ...

Ralf

> this looks..questionable, at the very least.  If the input line at 
> this point begins with a *, scanf will, at best, misuse stack trash 
> as if it were a pointer and segfault immediately; more 
> pessimistically, misuse stack trash as if it were a pointer and 
> scribble on some random data structure somewhere, leading to cryptic
>  misbehaviour at some difficult-to-predict later point.
> 
> If the input doesn't begin with a *, I think our implementation will
>  not misbehave, but I also think this is an accident of the 
> implementation and should not be counted on - I don't think C and/or
>  stdio promise that omitting arguments like this is acceptable even 
> if they're not stored through.  (For example, scanf might fetch the 
> pointer, even if it doesn't store through it, and if the machine has
>  trap representations for pointers it may crash when doing so.)
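
The directive order discussed in the quoted text, as an added example that is not part of either poster's message: `"*%s"` is a literal `*` followed by a `%s` conversion that needs a `char *` argument, whereas `"%*s"` is a conversion with assignment suppressed. The helper names `sample_input`, `probe_star_format` and `wait_for_enter` are assumptions made for this sketch, and the input strings are constructed.

```c
#include <stdio.h>

/* Constructed sample input, served from a temporary file so the demo
 * runs without a terminal. */
FILE *sample_input(const char *text)
{
    FILE *f = tmpfile();
    if (f) { fputs(text, f); rewind(f); }
    return f;
}

/* Walk the directives of "*%s" with assignment suppressed ("*%*s"): no
 * pointer argument is required, so the call is well defined. Returns the
 * next unread character, which shows how far the scan got. */
int probe_star_format(FILE *in)
{
    (void)fscanf(in, "*%*s");  /* literal '*', then one skipped token */
    return fgetc(in);
}

/* Pause helper: discard input up to and including the next newline.
 * Returns the number of characters discarded before the newline, or -1
 * if end of input came first. */
int wait_for_enter(FILE *in)
{
    int c, n = 0;
    while ((c = fgetc(in)) != EOF) {
        if (c == '\n') return n;
        n++;
    }
    return -1;
}

int main(void)
{
    FILE *a = sample_input("*hello\n");  /* begins with '*' */
    FILE *b = sample_input("hello\n");   /* does not */
    if (!a || !b) return 1;
    /* '*' matches, so the conversion runs and eats "hello": prints 10 */
    printf("next after \"*hello\": %d\n", probe_star_format(a));
    /* '*' fails to match and scanning stops at once: prints 104 ('h') */
    printf("next after \"hello\":  %d\n", probe_star_format(b));
    printf("rest of line: %d\n", wait_for_enter(b));  /* prints 4 */
    fclose(a); fclose(b);
    /* In a demo program the pause itself would be wait_for_enter(stdin). */
    return 0;
}
```

With the unsuppressed `"*%s"` and no argument, the first case is the one where the conversion runs and stores through whatever happens to be in the argument slot.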

