git.neil.brown.name Git - history.git/commitdiff
[PATCH] Improper handling of %c in vsscanf
author Andrew Morton <akpm@osdl.org>
Fri, 6 Feb 2004 00:51:46 +0000 (16:51 -0800)
committer Greg Kroah-Hartman <greg@kroah.com>
Fri, 6 Feb 2004 00:51:46 +0000 (16:51 -0800)
From: <gb@phonema.ea.univpm.it>

The "%c" in sscanf actually reads and writes one extra character (i.e.  2
characters instead of just one), and may thus easily overflow caller's
buffer.

Also affects 2.4 tree, even if there "%c" seems not to be used at all.

lib/vsprintf.c

index fdc2f19e241c2467e5be6e82f8dd765111894d16..b30a4a2541c02dfb00b4bc50fb6284d9d34fdfbd 100644 (file)
@@ -618,7 +618,7 @@ int vsscanf(const char * buf, const char * fmt, va_list args)
                                field_width = 1;
                        do {
                                *s++ = *str++;
-                       } while(field_width-- > 0 && *str);
+                       } while (--field_width > 0 && *str);
                        num++;
                }
                continue;
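Review bot: the do/while body at `*s++ = *str++;` still runs once before `*str` is tested, so if the input is already exhausted when %c is reached, the terminating NUL is copied, `str` moves past the end of `buf`, and `num++` counts it as a conversion. Unless code above this hunk already rules that out, consider testing `*str` before the first copy, for example a `while (field_width-- > 0 && *str)` loop with `num++` only when at least one byte was stored. The pre-decrement itself gives the right count: with `field_width = 1` the loop now stores one byte rather than two, and an explicit width N stores at most N. Since nothing between the loop and `num++` writes a terminator, a short comment stating that %c stores up to field_width bytes and no trailing NUL would help callers size their buffers.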