This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug stdio/12701] scanf accepts non-matching input
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 13 Jun 2014 14:54:27 +0000
- Subject: [Bug stdio/12701] scanf accepts non-matching input
- Auto-submitted: auto-generated
- References: <bug-12701-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=12701
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security+
--- Comment #16 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Rich Felker from comment #0)
> sscanf("abc", "%4c", buf) returns 1 instead of 0 or EOF (not sure which is
> correct) and leaves no way for the caller to know buf[3] is unfilled.
So this is an information leak.
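A caller-side guard against the short `%4c` read reported above, as an added example that is not part of the bug report or of glibc. The helper name `read_field` and the constant `FIELD_LEN` are hypothetical; the check relies on `%n` rather than on the return value of `sscanf`, and it clears the buffer so that unfilled bytes cannot carry stale data.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 4   /* must match the width in the "%4c" format below */

/* Hypothetical helper: read exactly FIELD_LEN bytes from `input` into `out`.
 * Returns 0 on success, -1 if the input was too short.
 * On failure `out` is all zeros, so no stale bytes reach the caller. */
int read_field(const char *input, char out[FIELD_LEN])
{
    int consumed = -1;

    /* Clear first: if sscanf stores fewer than FIELD_LEN bytes, the rest
     * of `out` must not keep whatever was there before. */
    memset(out, 0, FIELD_LEN);

    /* %n records how many input characters were consumed so far and is
     * not counted in the return value. A return value of 1 alone does not
     * prove that all FIELD_LEN bytes were stored. */
    int rc = sscanf(input, "%4c%n", out, &consumed);

    if (rc != 1 || consumed != FIELD_LEN) {
        memset(out, 0, FIELD_LEN);   /* discard any partial data */
        return -1;
    }
    return 0;
}

/* Constructed demo: a buffer that still holds old data is reused. */
int main(void)
{
    char buf[FIELD_LEN];
    memcpy(buf, "KEY!", FIELD_LEN);      /* constructed stale content */

    int rc = read_field("abc", buf);     /* short input from the report */
    printf("short input: rc=%d buf[3]=0x%02x\n", rc, (unsigned char)buf[3]);

    rc = read_field("abcd", buf);        /* input that fills the field */
    printf("full input:  rc=%d buf=%.4s\n", rc, buf);
    return 0;
}
```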