FRIDAY, APRIL 17, 2026
stdio-common — Proposed
stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]
The scanf %mc format specifier had a buffer overflow; upstream requests that the fix and its regression test be combined into a single commit.
A patch series fixes a buffer overflow in the scanf %mc format specifier. The overflow occurs due to missing size validation when allocating memory. The patch adds a regression test and fixes the overflow. The patch author has been asked to combine the fix and the regression test into a single commit for bisectability.
Technical Tradeoffs
- Combining the test and the fix simplifies bisecting.
- A separate patch optimizes %ms expansion.