Re: swscanf() causing Memory Fault

[Hubert Feyrer <hubert%feyrer.de@localhost>]

[CC:ing some people who may have a clue on that code, according to cvs annotate]


On Sat, 15 Nov 2008, Silas Silva wrote:
> NetBSD 4.0 here. Same error in port-xen and port-i386.

This also happens on 5.0_BETA. Compiling libc with debugging code for 
fgetwc.c, it seems that the problem occurs in the following lines:

        /* if there're ungetwc'ed wchars, use them */
        if (wcio->wcio_ungetwc_inbuf)
                return wcio->wcio_ungetwc_buf[--wcio->wcio_ungetwc_inbuf];

gdb gives the following values:

(gdb) print wcio
$1 = (struct wchar_io_data *) 0xbfbfe720
(gdb) print wcio->wcio_ungetwc_inbuf
$2 = 1929379839
(gdb) print wcio->wcio_ungetwc_inbuf
$3 = 1929379839
(gdb) print wcio->wcio_ungetwc_buf
$4 = {-1146093028}
(gdb) print *wcio
$5 = {wcio_mbstate_in = {__mbstateL = 0,
    __mbstate8 = '\0' <repeats 127 times>}, wcio_mbstate_out = {
    __mbstateL = 0,
    __mbstate8 = '\0' <repeats 25 times>, 
"í¿»?\000\000\000'i¿»ì-±»\000í¿»l\000\000\000'i¿»\"Ò°»\"Ò°»\000\000\000_´h¿» 
¡¾\001\034\002°»\001\000\000_\000í¿»\000í¿»W\t\000\000'i¿»\000í¿»+\004\000\000'i¿»EÝ°»EÝ°»\034\002°»´h¿»\000í¿\001"},
  wcio_ungetwc_buf = {-1146093028}, wcio_ungetwc_inbuf = 1929379839,
  wcio_mode = -1145049856}

This looks pretty high as index for that buffer. But I'm not familiar with 
the code...


 - Hubert