From: Rich Felker Date: Sun, 1 Sep 2013 02:47:44 +0000 (-0400) Subject: avoid crash in scanf when invalid %m format is encountered X-Git-Tag: v0.9.14~53 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cbb8a6979038f96d3f67c659363cebf0615c42ba;p=oweals%2Fmusl.git avoid crash in scanf when invalid %m format is encountered invalid format strings invoke undefined behavior, so this is not a conformance issue, but it's nicer for scanf to report the error safely instead of calling free on a potentially-uninitialized pointer or a pointer to memory belonging to the caller. --- diff --git a/src/stdio/vfscanf.c b/src/stdio/vfscanf.c index 68c8e2cf..c0e607f5 100644 --- a/src/stdio/vfscanf.c +++ b/src/stdio/vfscanf.c @@ -118,6 +118,8 @@ int vfscanf(FILE *restrict f, const char *restrict fmt, va_list ap) } if (*p=='m') { + wcs = 0; + s = 0; alloc = !!dest; p++; } else {