summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2013-08-31 22:47:44 -0400
committerRich Felker <dalias@aerifal.cx>2013-08-31 22:47:44 -0400
commitcbb8a6979038f96d3f67c659363cebf0615c42ba (patch)
tree54a4e0c3d862e3d52a2c2db30ca07be63afce7e4
parent35e8621a28db1c34685adbbf1c2229270cbf7236 (diff)
downloadmusl-cbb8a6979038f96d3f67c659363cebf0615c42ba.tar.gz
musl-cbb8a6979038f96d3f67c659363cebf0615c42ba.tar.bz2
musl-cbb8a6979038f96d3f67c659363cebf0615c42ba.tar.xz
musl-cbb8a6979038f96d3f67c659363cebf0615c42ba.zip
avoid crash in scanf when invalid %m format is encountered
invalid format strings invoke undefined behavior, so this is not a conformance issue, but it's nicer for scanf to report the error safely instead of calling free on a potentially-uninitialized pointer or a pointer to memory belonging to the caller.
-rw-r--r--src/stdio/vfscanf.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/stdio/vfscanf.c b/src/stdio/vfscanf.c
index 68c8e2cf..c0e607f5 100644
--- a/src/stdio/vfscanf.c
+++ b/src/stdio/vfscanf.c
@@ -118,6 +118,8 @@ int vfscanf(FILE *restrict f, const char *restrict fmt, va_list ap)
}
if (*p=='m') {
+ wcs = 0;
+ s = 0;
alloc = !!dest;
p++;
} else {