Commit 97ec2653 authored by Andrew Morton, committed by Greg Kroah-Hartman

[PATCH] Improper handling of %c in vsscanf

From: <gb@phonema.ea.univpm.it>

The "%c" in sscanf actually reads and writes one extra character (i.e. 2
characters instead of just one), and may thus easily overflow caller's
buffer.

Also affects 2.4 tree, even if there "%c" seems not to be used at all.
parent 3e9fb3cc
...@@ -618,7 +618,7 @@ int vsscanf(const char * buf, const char * fmt, va_list args) ...@@ -618,7 +618,7 @@ int vsscanf(const char * buf, const char * fmt, va_list args)
field_width = 1; field_width = 1;
do { do {
*s++ = *str++; *s++ = *str++;
} while(field_width-- > 0 && *str); } while (--field_width > 0 && *str);
num++; num++;
} }
continue; continue;
......
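Review bot: In the do/while body, `*s++ = *str++` still executes once before `*str` is tested, so a %c conversion that starts with the input already at its terminating NUL copies that NUL, advances str past the end of the string, and is still counted by `num++`. Consider testing `*str` before entering the loop (or restructuring it as a plain `while`), so an exhausted input neither writes to the caller's buffer nor counts as a conversion. A one-line comment stating that %c stores exactly field_width bytes and no terminator would also help callers size their buffers, since the off-by-one fixed here came from exactly that count.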