Date: Thu, 14 Mar 2019 10:46:17 +0100
From: Marian Buschsieweke <marian.buschsieweke@...u.de>
To: musl@...ts.openwall.com
Cc: Natanael ncopa Copa <ncopa@...inelinux.org>
Subject: segfault on sscanf

Hi,

running pdflatex on Alpine Linux for a specific document resulted in a
segfault, which I could trace down to a specific call to sscanf. This is a
minimum example to reproduce that segfault:

	#include <stdio.h>
	
	int main(void) {
		const char *too_parse = "0 1 -1 0";
		double f1,f2,f3,f4;
		char dummy;
		sscanf(too_parse, " %lf %lf %lf %lf %c", &f1, &f2, &f3, &f4, &dummy);
	
		printf("f1=%f, f2=%f, f3=%f, f4=%f, dummy=\"%c\"\n", f1, f2, f3, f4, dummy);
	
		return 0;
	}

This is the backtrace:

	#0  0x00007ffff7fb7eba in vfscanf (f=f@...ry=0x7fffffffe6f8, 
	    fmt=<optimized out>, ap=ap@...ry=0x7fffffffe7f8) at src/stdio/vfscanf.c:262
	#1  0x00007ffff7fb971a in vsscanf (s=<optimized out>, fmt=<optimized out>, 
	    ap=ap@...ry=0x7fffffffe7f8) at src/stdio/vsscanf.c:14
	#2  0x00007ffff7fb594d in sscanf (s=<optimized out>, fmt=<optimized out>)
	    at src/stdio/sscanf.c:9
	#3  0x0000555555555213 in main () at test.c:7

I have the Alpine Linux package musl-1.1.21-r0 installed, which is musl
version 1.1.21 with minimal changes.

Kind regards,
Marian
