Commit 97ec2653 authored by Andrew Morton's avatar Andrew Morton Committed by Greg Kroah-Hartman

[PATCH] Improper handling of %c in vsscanf

From: <gb@phonema.ea.univpm.it>

The "%c" in sscanf actually reads and writes one extra character (i.e.  2
characters insted of just one), and may thus easily overflow caller's
buffer.

Also affects 2.4 tree, even if there "%c" seems not to be used at all.
parent 3e9fb3cc
......@@ -618,7 +618,7 @@ int vsscanf(const char * buf, const char * fmt, va_list args)
field_width = 1;
do {
*s++ = *str++;
} while(field_width-- > 0 && *str);
} while (--field_width > 0 && *str);
num++;
}
continue;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment