avoid crash in scanf when invalid %m format is encountered

invalid format strings invoke undefined behavior, so this is not a
conformance issue, but it's nicer for scanf to report the error safely
instead of calling free on a potentially-uninitialized pointer or a
pointer to memory belonging to the caller.

diff --git a/src/stdio/vfscanf.c b/src/stdio/vfscanf.c
index 68c8e2cf2fd9fcb2f98624d1961c8390ddab8c0e..c0e607f533ed355328a33fc7861965b5d4df40a5 100644 (file)
--- a/src/stdio/vfscanf.c
+++ b/src/stdio/vfscanf.c
@@ -118,6 +118,8 @@ int vfscanf(FILE *restrict f, const char *restrict fmt, va_list ap)
                }
 
                if (*p=='m') {
+                       wcs = 0;
+                       s = 0;
                        alloc = !!dest;
                        p++;
                } else {