[Rd] [PATCH] Fix fscanf specifier in InIntegerAscii

Steve Grubb sgrubb at redhat.com
Thu Jul 20 23:28:53 CEST 2017


Hello,

The SMBUF_SIZED_STRING allows fscanf to read up to 511 bytes. The buffer
at line 1382 is only 128 bytes. The fscanf format specifier ought to be
resized to prevent a stack overrun.

Signed-off-by: Steve Grubb <sgrubb at redhat.com>

Index: saveload.c
===================================================================
--- src/main/saveload.c	(revision 72935)
+++ src/main/saveload.c	(working copy)
@@ -1379,7 +1379,7 @@
 {
     char buf[128];
     int x, res;
-    res = fscanf(fp, SMBUF_SIZED_STRING, buf);
+    res = fscanf(fp, "%127s", buf);
     if(res != 1) error(_("read error"));
     if (strcmp(buf, "NA") == 0)
 	return NA_INTEGER;
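
Review bot: The width in the added `fscanf(fp, "%127s", buf)` line is a literal that must be kept in step by hand with `char buf[128]` two lines above it; if the buffer is ever resized, the format goes stale with no compiler warning. Consider deriving both from a single constant (a size macro plus a stringified width) so they cannot diverge. Note also that with `%127s` an over-long token is truncated rather than rejected: `res` is still 1, so the `res != 1` check passes and the rest of the token stays in the stream for the next read. If an over-long field should count as a corrupt file, test for it explicitly and call `error()`. Since the message says SMBUF_SIZED_STRING permits 511 bytes, any other call site that pairs it with a smaller buffer deserves the same check.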


