This is the mail archive of the
mailing list for the glibc project.
Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Paul Pluzhnikov <ppluzhnikov at google dot com>, Carlos O'Donell <carlos at redhat dot com>
- Cc: Andreas Schwab <schwab at suse dot de>, Rich Felker <dalias at libc dot org>, libc-alpha at sourceware dot org
- Date: Tue, 03 Feb 2015 08:12:47 -0800
- Subject: Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
On 02/02/2015 11:52 AM, Paul Pluzhnikov wrote:
> On Mon, Feb 2, 2015 at 11:23 AM, Paul Eggert <firstname.lastname@example.org> wrote:
>> So, how about the attached (untested) patch to vfscanf.c instead? It's
>> simpler. It does rely on realloc (wp, SIZE_MAX) returning NULL, but that's
>> safe in glibc.
>
> I like it. Re-tested.
> Combined patch attached.

Thanks, this fix looks good to me. I assume Carlos needs to ACK this,
given that the Ottawa river is still frozen solid....