首页 发现 帮助
登录
hongwenjun
/
musl
镜像自地址 https://git.musl-libc.org/git/musl
1
0
派生 0
文件 工单管理 0 Wiki
浏览代码

fix uninitialized/stale use of alloc (%m modifier) flag in scanf

for conversion specifiers, alloc is always set when the specifier is
parsed. however, if scanf stops due to mismatching literal text,
either an uninitialized (if no conversions have been performed yet) or
stale (from the previous conversion) of the flag will be used,
possibly causing an invalid pointer to be passed to free when the
function returns.
Rich Felker 11 年之前
父节点
8389520ed5
当前提交
1d92cddb1e
共有 2 个文件被更改,包括 4 次插入0 次删除
分列视图 显示文件统计
  1. 2 0
      src/stdio/vfscanf.c
  2. 2 0
      src/stdio/vfwscanf.c

+ 2 - 0
src/stdio/vfscanf.c
查看文件 

@@ -81,6 +81,8 @@ int vfscanf(FILE *restrict f, const char *restrict fmt, va_list ap)
 
 
 	for (p=(const unsigned char *)fmt; *p; p++) {
 
 
+		alloc = 0;
 
+
 
 		if (isspace(*p)) {
 
 			while (isspace(p[1])) p++;
 
 			shlim(f, 0);

+ 2 - 0
src/stdio/vfwscanf.c
查看文件 

@@ -109,6 +109,8 @@ int vfwscanf(FILE *restrict f, const wchar_t *restrict fmt, va_list ap)
 
 
 	for (p=fmt; *p; p++) {
 
 
+		alloc = 0;
 
+
 
 		if (iswspace(*p)) {
 
 			while (iswspace(p[1])) p++;
 
 			while (iswspace((c=getwc(f)))) pos++;