Subject: lib/21691: sscanf(3) %i format does not work properly with -ve hex numbers
To: None <gnats-bugs@gnats.netbsd.org>
From: None <thorpej@shagadelic.org>
List: netbsd-bugs
Date: 05/26/2003 14:11:26
>Number:         21691
>Category:       lib
>Synopsis:       sscanf(3) %i format does not work properly with -ve hex numbers
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon May 26 21:12:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Jason R Thorpe
>Release:        NetBSD 1.6T
>Organization:
Wasabi Systems, Inc.
>Environment:
	
	
System: NetBSD swinger.shagadelic.org 1.6T NetBSD 1.6T (SWINGER) #230: Tue May 13 10:28:44 PDT 2003  thorpej@yeah-baby.shagadelic.org:/u1/netbsd/src/sys/arch/i386/compile/SWINGER i386
Architecture: i386
Machine: i386
>Description:
	ISO C says about sscanf()'s %i format:

``
	i	Matches an optionally signed integer, whose format is the
		same as expected for the subject sequence of the strtol()
		function with the value 0 for the base argument.  The
		corresponding argument shall be a pointer to a signed integer.
''

	Our sscanf() does not function properly.  When it encounters a
	"-0x..." number, it stops parsing after the first 0, advancing the
	input pointer to the x.

	strtol() appears to function properly; this must be a problem with
	__svfscanf_unlocked()'s checking of the input stream before it
	calls the conversion function.

>How-To-Repeat:
	Run the following test program.

#include <stdio.h>
#include <stdlib.h>

char string[] = "-0xff";

int
main()
{
        long foo;
        int nchars;

        sscanf(string, "%li%n", &foo, &nchars);

        if (foo != -255 || string[nchars] != '\0')
                abort();

        return 0;
}

>Fix:
	Not provided.
>Release-Note:
>Audit-Trail:
>Unformatted:
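
The following is an added example, not part of the original report: a small conformance check that compares sscanf("%li%n") with strtol(s, &end, 0) on both the converted value and the number of characters consumed, which is the equivalence the quoted ISO C text requires. The names parse_result, parse_with_sscanf, parse_with_strtol, samples and count_mismatches are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Outcome of one parse: conversion flag, value, characters consumed. */
struct parse_result { int converted; long value; int consumed; };

static struct parse_result parse_with_sscanf(const char *s)
{
	struct parse_result r = { 0, 0, 0 };
	int n = 0;
	if (sscanf(s, "%li%n", &r.value, &n) == 1) {
		r.converted = 1;
		r.consumed = n;		/* %n is only valid after a conversion */
	}
	return r;
}

static struct parse_result parse_with_strtol(const char *s)
{
	struct parse_result r = { 0, 0, 0 };
	char *end;
	r.value = strtol(s, &end, 0);	/* base 0, as ISO C specifies for %i */
	r.converted = (end != s);
	r.consumed = (int)(end - s);
	return r;
}

/* Constructed inputs: signed hex, octal, decimal; the last has trailing junk. */
static const char *const samples[] = {
	"-0xff", "+0xff", "0xff", "-0XFF", "-010", "-255", "-0", "-0xffz"
};

/* Number of samples where sscanf("%li") disagrees with strtol(s, &end, 0). */
int count_mismatches(void)
{
	int bad = 0;
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		struct parse_result a = parse_with_sscanf(samples[i]);
		struct parse_result b = parse_with_strtol(samples[i]);
		if (a.converted != b.converted || a.value != b.value || a.consumed != b.consumed) {
			printf("MISMATCH \"%s\": sscanf=%ld/%d strtol=%ld/%d\n",
			    samples[i], a.value, a.consumed, b.value, b.consumed);
			bad++;
		}
	}
	return bad;
}

int main(void) { return count_mismatches() != 0; }
```

On a libc with the behaviour described in this report, the "-0x..." samples are reported as mismatches, because sscanf() stops after the first 0 while strtol() consumes the whole number.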