Re: [PATCH v5 0/3] Re: [PATCH v4 2/2] stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
Project / Subsystem
glibc / stdio-common
Date
2026-04-17
Proposer
Carlos O'Donell <[email protected]>
Source type
public_inbox
Consensus
Proposed
Sentiment
7/10
Technical tradeoffs
- • Combining the test and the fix simplifies bisecting.
- • A separate patch optimizes %ms expansion.
All attributes
- project
- glibc
- subsystem
- stdio-common
- patch_id
- —
- discussion_id
- [email protected]
- source_type
- public_inbox
- title
- Re: [PATCH v5 0/3] Re: [PATCH v4 2/2] stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
- headline
- stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
- tldr
- The scanf %mc format specifier had a buffer overflow; upstream requests that the fix and its regression test be combined into a single commit.
- stakes
- Fixes a security vulnerability.
- proposer
- Carlos O'Donell <[email protected]>
- consensus
- Proposed
- outcome
- proposed
- sentiment_score
- 7
- sentiment_rationale
- The discussion is focused on code quality and bisectability, indicating a positive and constructive environment.
- technical_tradeoffs
-
- • Combining the test and the fix simplifies bisecting.
- • A separate patch optimizes %ms expansion.
- series_id
- glibc:[patch v4 ] stdio-common: fix buffer overflow in scanf %mc [bz #34008]
- series_role
- cover
- series_parts
- []
- tags
-
- • security
- • stdio
- • scanf
- • buffer overflow
- bugzilla_url
- —
- date
- 2026-04-17T00:00:00.000Z
Re: [PATCH v5 0/3] Re: [PATCH v4 2/2] stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
A patch series fixes a buffer overflow in the scanf %mc format specifier. The overflow occurs due to missing size validation when allocating memory. The patch adds a regression test and fixes the overflow. The patch author has been asked to combine the fix and the regression test into a single commit for bisectability.