https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119052
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jakub at gcc dot gnu.org
--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
75ab30f77f6d gcc/input.cc (Andi Kleen 2025-01-25 22:48:29 -0800 2368)   /* get_buffer is not null terminated, but the sscanf stops after a number. */
75ab30f77f6d gcc/input.cc (Andi Kleen 2025-01-25 22:48:29 -0800 2369)   ASSERT_TRUE (sscanf (line.get_buffer (), "%d", &n) == 1);
While the comment is true, sscanf stops after a number in that case, sscanf,
when initializing the FILE stream it uses internally, checks the length of the
string. Calling it with a non-null-terminated buffer is still UB.
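
An added example, not part of the comment above and not GCC code: one way to read a leading decimal integer from a buffer that has a known length but no terminating NUL, without handing it to sscanf. The helper name parse_int_bounded and the sample buffers are assumptions made for illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed samples: neither array contains a terminating NUL.  */
static const char sample_digits[3] = { '1', '2', '3' };
static const char sample_mixed[5] = { ' ', '-', '4', '2', 'x' };

/* Hypothetical helper: parse a leading decimal int from BUF, which holds
   exactly LEN bytes and need not be NUL-terminated.  Returns 1 on success
   (mirroring the "sscanf (...) == 1" check) and 0 otherwise.  Every read
   is guarded by I < LEN, so buf[len] is never touched.  */
static int
parse_int_bounded (const char *buf, size_t len, int *out)
{
  size_t i = 0;
  int neg = 0;
  long long val = 0;

  while (i < len && isspace ((unsigned char) buf[i]))
    i++;                        /* "%d" also skips leading whitespace */
  if (i < len && (buf[i] == '+' || buf[i] == '-'))
    neg = buf[i++] == '-';
  if (i >= len || !isdigit ((unsigned char) buf[i]))
    return 0;                   /* no digits inside the buffer */
  for (; i < len && isdigit ((unsigned char) buf[i]); i++)
    {
      val = val * 10 + (buf[i] - '0');
      if (val > (long long) INT_MAX + 1)
        return 0;               /* magnitude cannot fit in int */
    }
  if (neg)
    val = -val;
  if (val > INT_MAX || val < INT_MIN)
    return 0;
  *out = (int) val;
  return 1;
}

int
main (void)
{
  int n = 0;
  if (parse_int_bounded (sample_digits, sizeof sample_digits, &n))
    printf ("%d\n", n);
  if (parse_int_bounded (sample_mixed, sizeof sample_mixed, &n))
    printf ("%d\n", n);
  return 0;
}
```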