avoid crash in scanf when invalid %m format is encountered
author Rich Felker <dalias@aerifal.cx>
Sun, 1 Sep 2013 02:47:44 +0000 (22:47 -0400)
committer Rich Felker <dalias@aerifal.cx>
Sun, 1 Sep 2013 02:47:44 +0000 (22:47 -0400)
invalid format strings invoke undefined behavior, so this is not a
conformance issue, but it's nicer for scanf to report the error safely
instead of calling free on a potentially-uninitialized pointer or a
pointer to memory belonging to the caller.

src/stdio/vfscanf.c

index 68c8e2cf2fd9fcb2f98624d1961c8390ddab8c0e..c0e607f533ed355328a33fc7861965b5d4df40a5 100644 (file)
@@ -118,6 +118,8 @@ int vfscanf(FILE *restrict f, const char *restrict fmt, va_list ap)
                }
 
                if (*p=='m') {
+                       wcs = 0;
+                       s = 0;
                        alloc = !!dest;
                        p++;
                } else {
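
Review bot: The two resets added at the top of the `if (*p=='m')` branch, `wcs = 0;` and `s = 0;`, carry no comment saying why they are there. The reason given in the commit message (so that a free on an invalid %m format never sees an uninitialized or caller-owned pointer) cannot be read off this branch alone. A one-line comment above them, noting that they are cleared for the benefit of the failure path, would keep a later cleanup from dropping them as dead stores. Since the resets live only in the `m` branch, it is also worth confirming that the `else` branch, whose body falls outside this context, leaves `alloc` cleared so that nothing frees `s` or `wcs` for a non-`m` conversion.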