[PATCH] svfwscanf: Simplify _sungetwc_r to eliminate apparent buffer overflow

Keith Packard keithp@keithp.com
Thu Aug 19 15:17:27 GMT 2021

Corinna Vinschen <vinschen@redhat.com> writes:

> Given all chars are sizeof(wchar_t), how's the buffer ever going to
> become unaligned?

It places the wchar_t at the end of _ubuf, which is 3 bytes long, making
it unaligned:

  fp->_p = &fp->_ubuf[sizeof (fp->_ubuf) - sizeof (wchar_t)];

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <https://sourceware.org/pipermail/newlib/attachments/20210819/86110a4f/attachment.sig>

More information about the Newlib mailing list