Re: strtonum(3) from OpenBSD?

To: tech-userlevel%netbsd.org@localhost
Subject: Re: strtonum(3) from OpenBSD?
From: David Laight <david%l8s.co.uk@localhost>
Date: Tue, 30 Jun 2009 07:52:52 +0100

On Mon, Jun 29, 2009 at 11:41:04PM -0400, James K. Lowden wrote:
> 
> I fail to see how sscanf(3) is more error prone than strtonum().  No
> matter what, you have to specify -- via the name or the format string --
> the format of the input and of the receiving buffer.  At least with
> sscanf(3) that's *all* you have to do.

Correct use of sscanf() for a single integer is something like:

        count = sscanf(inbuf, "%i%n", &int_val, &byte_count);
        if (count != 2 || inbuf[byte_count] != 0)
                /* Conversion error */

I'm not sure that it is possible to detect numeric overflow.

If you start using more complicated format strings, then you have to
be even more careful that the user-supplied input is correctly processed.

        David

-- 
David Laight: david%l8s.co.uk@localhost

Follow-Ups:
- Re: strtonum(3) from OpenBSD?
  - From: Roy Marples

References:
- strtonum(3) from OpenBSD?
  - From: Marc Balmer
- Re: strtonum(3) from OpenBSD?
  - From: James K. Lowden
- Re: strtonum(3) from OpenBSD?
  - From: Tonnerre LOMBARD
- Re: strtonum(3) from OpenBSD?
  - From: James K. Lowden

Prev by Date: Re: strtonum(3) from OpenBSD?
Next by Date: Re: strtonum(3) from OpenBSD?
Previous by Thread: Re: strtonum(3) from OpenBSD?
Next by Thread: Re: strtonum(3) from OpenBSD?
Indexes:

Home | Main Index | Thread Index | Old Index