SUNDAY, APRIL 19, 2026 · GLIBC DIGEST · OPEN-SOURCE SYSTEMS DAILY · VOL. 1 · NO. 109
The glibc Digest
— A Daily Record of the GNU C Library —
stdio-common · Ready to Land

Stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]

This patch fixes a one-byte buffer overflow in glibc's scanf when using the %mc format specifier.

A patch has been proposed to fix a buffer overflow in glibc’s scanf function. The vulnerability occurs with the %mc or %mC format specifiers: the allocated buffer is one byte smaller than required, which can lead to an overflow. The patch includes the fix and a new test case.

Technical Tradeoffs

  • The patch modifies vfscanf-internal.c and adds a new test case, tst-vfscanf-bz34008.c.
  • The fix potentially impacts performance, though likely negligibly.
Filed Under: security, buffer overflow, scanf, glibc