author | Ondřej Bílka <neleai@seznam.cz> | 2013-11-18 12:41:00 +0100 |
---|---|---|
committer | Ondřej Bílka <neleai@seznam.cz> | 2013-11-18 12:42:23 +0100 |
commit | 728dab0e13529ba8778e6ef07e2cc80eddf028b5 (patch) | |
tree | 390911e7cb25cd8ed168393f1e4d194596fa44c6 /stdio-common/vfscanf.c | |
parent | dd8082389e5448c3e716de8431817b30565a48d3 (diff) | |
Do not let scanf("%4p") accept "(nil)". Fixes bug 16055
Diffstat (limited to 'stdio-common/vfscanf.c')
-rw-r--r-- | stdio-common/vfscanf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c
index e6fa8f372b..c0b93ae3b7 100644
--- a/stdio-common/vfscanf.c
+++ b/stdio-common/vfscanf.c
@@ -1757,7 +1757,7 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
 we must recognize "(nil)" as well. */
 if (__builtin_expect (wpsize == 0
 && (flags & READ_POINTER)
- && (width < 0 || width >= 0)
+ && (width < 0 || width >= 5)
 && c == '('
 && TOLOWER (inchar ()) == L_('n')
 && TOLOWER (inchar ()) == L_('i') |
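Review bot: The bare `5` in `&& (width < 0 || width >= 5)` is the length of the "(nil)" token that the `inchar ()` chain below it consumes, but nothing on the line ties the two together. The tautology it replaces (`width >= 0`) shows how easily a field-width bound here goes unnoticed, so I would add a comment such as `/* "(nil)" is 5 characters; a narrower field width must not match it. */` or spell the bound as `width >= (int) sizeof "(nil)" - 1`. The check presumably relies on `width` still holding the caller's full field width at this point, not yet decremented for the `(` already held in `c`. That is worth confirming, because the code that reads `c` lies outside the hunk. The `if` condition and its body also continue past the last visible line.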