diff options
| author | Andrew Morton <akpm@osdl.org> | 2004-02-05 16:51:46 -0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <greg@kroah.com> | 2004-02-05 16:51:46 -0800 |
| commit | 97ec265352735d1d4701f3eae31c8415f44289c2 (patch) | |
| tree | aaa86b2fde8d0d3d8fd6e055afd9e22aae83b707 /lib | |
| parent | 3e9fb3ccf5ae076e4f33bc34271c054d5dafb349 (diff) | |
[PATCH] Improper handling of %c in vsscanf
From: <gb@phonema.ea.univpm.it>
The "%c" in sscanf actually reads and writes one extra character (i.e. 2
characters insted of just one), and may thus easily overflow caller's
buffer.
Also affects 2.4 tree, even if there "%c" seems not to be used at all.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/vsprintf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/vsprintf.c b/lib/vsprintf.c index fdc2f19e241c..b30a4a2541c0 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -618,7 +618,7 @@ int vsscanf(const char * buf, const char * fmt, va_list args) field_width = 1; do { *s++ = *str++; - } while(field_width-- > 0 && *str); + } while (--field_width > 0 && *str); num++; } continue; |