[PATCH] Improper handling of %c in vsscanf

From: <gb@phonema.ea.univpm.it> The "%c" in sscanf actually reads and writes one extra character (i.e. 2 characters insted of just one), and may thus easily overflow caller's buffer. Also affects 2.4 tree, even if there "%c" seems not to be used at all.

[PATCH] Improper handling of %c in vsscanf
From: <gb@phonema.ea.univpm.it> The "%c" in sscanf actually reads and writes one extra character (i.e. 2 characters insted of just one), and may thus easily overflow caller's buffer. Also affects 2.4 tree, even if there "%c" seems not to be used at all.
97ec2653 · Andrew Morton · Greg Kroah-Hartman · 3e9fb3cc · 97ec2653
Commit 97ec2653 authored Feb 05, 2004 by Andrew Morton Committed by Greg Kroah-Hartman Feb 05, 2004
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

lib/vsprintf.c lib/vsprintf.c +1 -1

No files found.
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -618,7 +618,7 @@ int vsscanf(const char * buf, const char * fmt, va_list args)
 				field_width = 1;
 			do {
 				*s++ = *str++;
-			} while(field_width-- > 0 && *str);
+			} while (--field_width > 0 && *str);
 			num++;
 		}
 		continue;