[PATCH v6] stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
Project / Subsystem
glibc / stdio-common
Date
2026-04-18
Proposer
Rocket Ma <[email protected]>
Source type
public_inbox
Consensus
Ready to Land
Sentiment
9/10
Technical tradeoffs
- • The patch modifies vfscanf-internal.c and adds a new test case, tst-vfscanf-bz34008.c.
- • The fix potentially impacts performance, though likely negligibly.
All attributes
- project
- glibc
- subsystem
- stdio-common
- patch_id
- —
- discussion_id
- [email protected]
- source_type
- public_inbox
- title
- [PATCH v6] stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
- headline
- Stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
- tldr
- This patch fixes a one-byte buffer overflow in glibc's scanf when using the %mc format specifier.
- stakes
- This patch fixes a user-controlled buffer overflow, which could lead to security vulnerabilities (CVE-2026-5450).
- proposer
- Rocket Ma <[email protected]>
- consensus
- Ready to Land
- outcome
- ready
- sentiment_score
- 9
- sentiment_rationale
- Fixes a security vulnerability and has been reviewed.
- technical_tradeoffs
-
- • The patch modifies vfscanf-internal.c and adds a new test case, tst-vfscanf-bz34008.c.
- • The fix potentially impacts performance, though likely negligibly.
- series_id
- —
- series_role
- standalone
- series_parts
- []
- tags
-
- • security
- • buffer overflow
- • scanf
- • glibc
- bugzilla_url
- —
- date
- 2026-04-18T00:00:00.000Z
[PATCH v6] stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
A patch has been proposed to fix a buffer overflow in glibc’s scanf function. The vulnerability occurs when using the %mc or %mC format specifiers, where the allocated buffer is one byte smaller than required, leading to a potential overflow. The patch includes a fix and a new test case.