>Number:         9613
>Category:       lib
>Synopsis:       sscanf's %x conversion broken on (at least) arm32
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    lib-bug-people (Library Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 13 16:12:01 2000
>Last-Modified:
>Originator:     Thilo Manske
>Organization:
Dies ist Thilos Unix Signature! Viel Spass damit.
>Release:        ~13th March 2000
>Environment:
	
System: NetBSD 1.4U (ZardoZ) #108: Sun Mar  5 15:24:08 MET 2000     thilo@RiscPC:/usr/src/sys/arch/arm32/compile/ZardoZ

libc.so.12.58
since at least 12th March

>Description:
Since a few days I can't build bootable arm32 kernels anymore
("entry point out of range" or something from the booter).
I tracked the problem down to sscanf called in ld wich converts
"F0000000" (the adress given with the -Ttext flag to the linker)
to 0x10000000 and not 0xf0000000.

(and FWIW "90000000" to 0x70000000, so the pattern is
"if hex>0x/80000000 return 2^32-hex else return hex"
I guess.)

>How-To-Repeat:
Build an arm32 kernel on a arm32 box with fresh userland and
try to boot it, or:

#include <stdio.h>
int main() {
  int x;
  sscanf("F0000000","%x",&x);
  printf("%x\n",x);
}

i386 doesn't show the bug (gives "f0000000" as expected),
I don't have more platforms (yet) to test that, so I
don't know if it's just arm32 specific or not.

>Fix:
(tired...)
>Audit-Trail:
>Unformatted: