Re: [PATCH v5 2/3] stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
Project / Subsystem: glibc / stdio-common
Date: 2026-04-17
Proposer: Carlos O'Donell <[email protected]>
Source type: public_inbox
Consensus: Ready to Land
Sentiment: 9/10
Technical tradeoffs:
- Modifies the buffer resizing logic in `vfscanf-internal.c`.
All attributes
- project: glibc
- subsystem: stdio-common
- patch_id: —
- discussion_id: [email protected]
- source_type: public_inbox
- title: Re: [PATCH v5 2/3] stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
- headline: Fix buffer overflow in scanf %mc
- tldr: This patch fixes a buffer overflow vulnerability in scanf's %mc format specifier, identified as CVE-2026-5450.
- stakes: Fixes a security vulnerability that could allow user-controlled buffer overflows when using the %mc format specifier in scanf.
- proposer: Carlos O'Donell <[email protected]>
- consensus: Ready to Land
- outcome: ready
- sentiment_score: 9
- sentiment_rationale: Fixes a security vulnerability and has been reviewed.
- technical_tradeoffs:
  - Modifies the buffer resizing logic in `vfscanf-internal.c`.
- series_id: glibc:stdio-common: fix buffer overflow in scanf %mc [bz #34008]
- series_role: reply
- series_parts: []
- tags:
  - stdio
  - scanf
  - vfscanf
  - buffer overflow
  - security
- bugzilla_url: —
- date: 2026-04-17T00:00:00.000Z
This patch corrects a buffer overflow in `vfscanf-internal.c` affecting the `%mc` and `%mC` format specifiers. The overflow occurs during buffer enlargement, where the buffer is allocated one byte smaller than required. The patch has been reviewed, and the reviewer’s approval can be kept for v6 if the fix remains unchanged.