MONDAY, APRIL 20, 2026 · GLIBC DIGEST · OPEN-SOURCE SYSTEMS DAILY · VOL. 1 · NO. 110
The glibc Digest
— A Daily Record of the GNU C Library —
stdio-common · Proposed

Add regression test for scanf %mc buffer overflow

This patch adds a regression test for a buffer overflow vulnerability in scanf's %mc format specifier.

A regression test is being added to stdio-common to verify the fix for bug #34008, which involves a buffer overflow in vfscanf with the %Nmc format specifier. The test is confirmed to fail before the fix and pass after. A copyright correction is requested.

Technical Tradeoffs

  • Adds a new test case to the test suite.
  • Requires additional test-environment dependencies: the MALLOC_CHECK_ and LD_PRELOAD environment variables.
Filed Under: stdio, scanf, vfscanf, regression test, security