Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2222924/?format=api
{ "id": 2222924, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2222924/?format=api", "web_url": "http://patchwork.ozlabs.org/project/glibc/patch/20260414021708.3062753-4-marocketbd@gmail.com/", "project": { "id": 41, "url": "http://patchwork.ozlabs.org/api/1.1/projects/41/?format=api", "name": "GNU C Library", "link_name": "glibc", "list_id": "libc-alpha.sourceware.org", "list_email": "libc-alpha@sourceware.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260414021708.3062753-4-marocketbd@gmail.com>", "date": "2026-04-14T02:17:08", "name": "[v5,3/3] stdio-common: Optimize %ms expansion for best fit", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "c5a6f78d0cb01e5c790b9bc81241b9c3d80ceed6", "submitter": { "id": 92898, "url": "http://patchwork.ozlabs.org/api/1.1/people/92898/?format=api", "name": "Rocket Ma", "email": "marocketbd@gmail.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/glibc/patch/20260414021708.3062753-4-marocketbd@gmail.com/mbox/", "series": [ { "id": 499766, "url": "http://patchwork.ozlabs.org/api/1.1/series/499766/?format=api", "web_url": "http://patchwork.ozlabs.org/project/glibc/list/?series=499766", "date": "2026-04-14T02:17:05", "name": "Re: [PATCH v4 2/2] stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]", "version": 5, "mbox": "http://patchwork.ozlabs.org/series/499766/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2222924/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2222924/checks/", "tags": {}, "headers": { "Return-Path": "<libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "libc-alpha@sourceware.org" ], "Delivered-To": [ "patchwork-incoming@legolas.ozlabs.org", "libc-alpha@sourceware.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=COinE24h;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org\n (client-ip=38.145.34.32; helo=vm01.sourceware.org;\n envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org;\n receiver=patchwork.ozlabs.org)", "sourceware.org;\n\tdkim=pass (2048-bit key,\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=COinE24h", "sourceware.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com", "sourceware.org; spf=pass smtp.mailfrom=gmail.com", "server2.sourceware.org;\n arc=none smtp.remote-ip=2607:f8b0:4864:20::1335" ], "Received": [ "from vm01.sourceware.org (vm01.sourceware.org [38.145.34.32])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fvnyW6v4Xz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 14 Apr 2026 12:18:59 +1000 (AEST)", "from vm01.sourceware.org (localhost [127.0.0.1])\n\tby sourceware.org (Postfix) with ESMTP id 17FAC4BA2E29\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 14 Apr 2026 02:18:58 +0000 (GMT)", "from mail-dy1-x1335.google.com (mail-dy1-x1335.google.com\n [IPv6:2607:f8b0:4864:20::1335])\n by sourceware.org (Postfix) with ESMTPS id D59684BA23C1\n for <libc-alpha@sourceware.org>; Tue, 14 Apr 2026 02:17:49 +0000 (GMT)", "by mail-dy1-x1335.google.com with SMTP id\n 5a478bee46e88-2d868d014a5so1873335eec.1\n for <libc-alpha@sourceware.org>; Mon, 13 Apr 2026 19:17:49 -0700 (PDT)", "from localhost ([23.94.240.252]) by smtp.gmail.com with UTF8SMTPSA\n id\n 5a478bee46e88-2d9875ce4fcsm5907865eec.6.2026.04.13.19.17.47\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Mon, 13 Apr 2026 19:17:48 -0700 (PDT)" ], "DKIM-Filter": [ "OpenDKIM Filter v2.11.0 sourceware.org 17FAC4BA2E29", "OpenDKIM Filter v2.11.0 sourceware.org D59684BA23C1" ], "DMARC-Filter": "OpenDMARC Filter v1.4.2 sourceware.org D59684BA23C1", "ARC-Filter": "OpenARC Filter v1.0.0 sourceware.org D59684BA23C1", "ARC-Seal": "i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1776133070; cv=none;\n b=PnbP+0yBFkZK76MHxx/HGXd5abybOeAEs1Hvd5MQdqlbmu5LW27eLrNBNbGwK54FClvoAGHWjnSfvSMYxT8vWI2lyTxIsvA+YVogHpO6Q8cb1RAwyY6B7nEqbMG8dHY5SBjKlqPXVmgh0XK0ZNipvhpU+MyBQA+aBoef6duiEi4=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=sourceware.org; s=key;\n t=1776133070; c=relaxed/simple;\n bh=1mCc59u3339DpV/K1EqKkfQ0jj7NrBm4YsPeJ12Sao8=;\n h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;\n b=lnNBfVukgFHQM/j+qFOGNE5Boh8lalWP4qE7L/Ry0sqztAL4wlhhnhzfmbSE/tPUzToj0UJ2kfykSHGWtpIStH5NhPIc5tO7m5RbQOVqqRg2MODwUrVlxQZlAoPdpeWzX0XUYaUSI/tYDJbc68VW1w6ZGRsr9c+4fY0xgvA7Es4=", "ARC-Authentication-Results": "i=1; server2.sourceware.org", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1776133069; x=1776737869; darn=sourceware.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=707EKk2LyV2UUbvvCNv3p4vgsOc1nN2MN134zFXRqRg=;\n b=COinE24h4Ovqy4aq9I0VjZZ2Lie8ROgxx1n38lHkcW0P7ZM8pKYBXqzCXMwW4aGYQ3\n YynhHwPlI0H9oUjsQzp2TVx/jzy6Kc448a8KURWQusFizAYTXfN9tS/8c6Kr3R0QNBEs\n rTzkt7aU9RiHwcsMbJfsU+jbXe97RQra2wZbCgmlPzq6oExYYr61fQaXcdoYejsOcdOh\n +jDR6MOAE9tPLX0SoZE/EbWXKwc3GrupBMxq099KIgli6rpFDlr/KxHMXiOHcD1ILlkh\n vrSL4sOamitl9xTGXY6P8is9bsNyTVYtX8r/KLJi/S1Kcq0uoNT+VYoVoXEfGJ9a0hLg\n Ci2g==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776133069; x=1776737869;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=707EKk2LyV2UUbvvCNv3p4vgsOc1nN2MN134zFXRqRg=;\n b=kzpRx/3vDtOZ6CnWROHXaqyL5QEZzjqCjhhLBQ1XmnBXSxI9sxZhPkIKgF07QSXRLX\n 3ju5eEzQ5QV+uMR94saGt0LHEPMkb8nvK7vxFm96DSXQdwrGFVS21KbjswWtDgCClUkS\n z7DX82JSRhBnj2tJGu4yifozeKqzJPHT8llu41g6onxbbxQDgktuVLEkC+mjZQsh9tpj\n cSSD0p3DYUbVZ423Z2NgUwMn+h8pgVWYVYAzUbJXceaNUVRviT2ekIIqEi1xtKYwnCcg\n D5ueiPy3PQvMuHuhZTSsAQKwkLj9zkJ7sfAAnSyxY0XWpljVE6PnegWSNQ9nWffTIdoU\n PhOg==", "X-Gm-Message-State": "AOJu0YxES9oUK+k5LQDlHvWR0CcEidWbinb7D0Ou3oTzWJQkr0H+hOFS\n V9kMPeU98tl4MZ3UQ4XtDenqWSTUmvGm9zKmGE/gSs30V7wakDgL3HVY491yn+l2", "X-Gm-Gg": "AeBDiev2wMAQZMpMapCMCkmgdff67zEqiicraQ/uESOtBnhj+JOY5T8EUQlokfq8Kuh\n aDrULH0Z+2ntBpVwAH6o4wGxggoOruHbpbxACaZUO+Glp2fJWxed+daY/ZV+BGtF8i6BA3UL2vU\n OXeObAedRv4L8zawIf4sZllrIhP3BQuhCjCJLZagwm8ybkYctYFEGn9p8DmUJryW8O2ElvBgyg/\n DhZRJVwEAvnsXZDIg3FiKWqGpVwp5SabYJap99HVZoo4MvHEg4HzjWvkTzdq70Dd8/QKvfvZXO7\n UChARXP90aS6ar2v8Ylj5gEayTXfCK4+4lMaTUgAM+8RtA8Qtz4eSpOAdVE+zHQ1eCRKFvnU9he\n RTqGgldY8n5pN8/WZ0EIz/ImIiFjkoJYjdeWGZRiH7OiKNhiZp9atg5d4/R+XsRGsmGxRgEOHps\n 0ks5dMILAHxfikd1M+yTu4e5nWgty7YXH8fDjUggRWC771UMMJ3vnUfPYNqJbq6e1KrONY609ab\n ZlTPTN0AfU5uOToDDnMNPWz2V06gJe/1SL2yN7ozF9sQ9wlbW1KdZHsz6y/nP0ieJ7olsK4ovA=", "X-Received": "by 2002:a05:7300:dc8b:b0:2d9:f0b3:1d98 with SMTP id\n 5a478bee46e88-2d9f0b33952mr2553065eec.7.1776133068647;\n Mon, 13 Apr 2026 19:17:48 -0700 (PDT)", "From": "Rocket Ma <marocketbd@gmail.com>", "To": "Carlos O'Donell <carlos@redhat.com>", "Cc": "libc-alpha@sourceware.org,\n\tFlorian Weimer <fw@deneb.enyo.de>", "Subject": "[PATCH v5 3/3] stdio-common: Optimize %ms expansion for best fit", "Date": "Mon, 13 Apr 2026 19:17:08 -0700", "Message-ID": "<20260414021708.3062753-4-marocketbd@gmail.com>", "X-Mailer": "git-send-email 2.47.3", "In-Reply-To": "<20260414021708.3062753-1-marocketbd@gmail.com>", "References": "<20260414021708.3062753-1-marocketbd@gmail.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-BeenThere": "libc-alpha@sourceware.org", "X-Mailman-Version": "2.1.30", "Precedence": "list", "List-Id": "Libc-alpha mailing list <libc-alpha.sourceware.org>", "List-Unsubscribe": "<https://sourceware.org/mailman/options/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>", "List-Archive": "<https://sourceware.org/pipermail/libc-alpha/>", "List-Post": "<mailto:libc-alpha@sourceware.org>", "List-Help": "<mailto:libc-alpha-request@sourceware.org?subject=help>", "List-Subscribe": "<https://sourceware.org/mailman/listinfo/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=subscribe>", "Errors-To": "libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org" }, "content": "* stdio-common/vfscanf-internal.c: Add grow_to_fit to calculate the size\nof expanded string during %ms/%m[ scan for best fit.\n\nSigned-off-by: Rocket Ma <marocketbd@gmail.com>\n---\n stdio-common/vfscanf-internal.c | 63 ++++++++++++++++++++++-----------\n 1 file changed, 42 insertions(+), 21 deletions(-)", "diff": "diff --git a/stdio-common/vfscanf-internal.c b/stdio-common/vfscanf-internal.c\nindex 3d11ac261e..8eec294a98 100644\n--- a/stdio-common/vfscanf-internal.c\n+++ b/stdio-common/vfscanf-internal.c\n@@ -265,6 +265,17 @@ char_buffer_add (struct char_buffer *buffer, CHAR_T ch)\n *buffer->current++ = ch;\n }\n \n+/* Calculate the result size of expanded char array in %ms, %mS,\n+ %m[ or %lm[. */\n+static __always_inline size_t\n+grow_to_fit (size_t oldsize, int need)\n+{\n+ if (need < 0 || oldsize < need)\n+ return oldsize * 2;\n+ /* oldsize >= need: grow requested capacity and 1 byte for `\\0' */\n+ return oldsize + need + 1;\n+}\n+\n /* Read formatted input from S according to the format string\n FORMAT, using the argument list in ARG.\n Return the number of assignments made, or -1 for an input error. */\n@@ -804,7 +815,8 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,\n \t\t && *strptr + strsize - str <= MB_LEN_MAX)\n \t\t {\n \t\t /* We have to enlarge the buffer if the `m' flag\n-\t\t\t was given. */\n+\t\t\t was given. And we may not expand str by width\n+\t\t\t as the wcrtomb may return various bytes */\n \t\t size_t strleng = str - *strptr;\n \t\t char *newstr;\n \n@@ -1098,7 +1110,8 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,\n \t\t\t&& *strptr + strsize - str <= MB_LEN_MAX)\n \t\t {\n \t\t\t/* We have to enlarge the buffer if the `a' or `m'\n-\t\t\t flag was given. */\n+\t\t\t flag was given. And we may not expand str by\n+\t\t\t width as the wcrtomb may return various bytes */\n \t\t\tsize_t strleng = str - *strptr;\n \t\t\tchar *newstr;\n \n@@ -1156,7 +1169,9 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,\n \t\t\t && (char *) str == *strptr + strsize)\n \t\t\t{\n \t\t\t /* Enlarge the buffer. */\n-\t\t\t str = (char *) realloc (*strptr, 2 * strsize);\n+\t\t\t size_t newsize = grow_to_fit (strsize, width);\n+\n+\t\t\t str = (char *) realloc (*strptr, newsize);\n \t\t\t if (str == NULL)\n \t\t\t {\n \t\t\t /* Can't allocate that much. Last-ditch\n@@ -1188,7 +1203,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,\n \t\t\t {\n \t\t\t *strptr = (char *) str;\n \t\t\t str += strsize;\n-\t\t\t strsize *= 2;\n+\t\t\t strsize = newsize;\n \t\t\t }\n \t\t\t}\n \t\t }\n@@ -1286,9 +1301,10 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,\n \t\t\t&& wstr == (wchar_t *) *strptr + strsize)\n \t\t {\n \t\t\t/* Enlarge the buffer. */\n-\t\t\twstr = (wchar_t *) realloc (*strptr,\n-\t\t\t\t\t\t (2 * strsize)\n-\t\t\t\t\t\t * sizeof (wchar_t));\n+\t\t\tsize_t newsize = grow_to_fit (strsize, width);\n+\n+\t\t\twstr = (wchar_t *) realloc (\n+\t\t\t *strptr, newsize * sizeof (wchar_t));\n \t\t\tif (wstr == NULL)\n \t\t\t {\n \t\t\t /* Can't allocate that much. Last-ditch\n@@ -1322,7 +1338,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,\n \t\t\t {\n \t\t\t *strptr = (char *) wstr;\n \t\t\t wstr += strsize;\n-\t\t\t strsize *= 2;\n+\t\t\t strsize = newsize;\n \t\t\t }\n \t\t }\n \t\t }\n@@ -1362,9 +1378,10 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,\n \t\t && wstr == (wchar_t *) *strptr + strsize)\n \t\t {\n \t\t /* Enlarge the buffer. */\n+\t\t size_t newsize = grow_to_fit (strsize, width);\n+\n \t\t wstr = (wchar_t *) realloc (*strptr,\n-\t\t\t\t\t\t (2 * strsize\n-\t\t\t\t\t\t * sizeof (wchar_t)));\n+\t\t\t\t\t\t newsize * sizeof (wchar_t));\n \t\t if (wstr == NULL)\n \t\t\t{\n \t\t\t /* Can't allocate that much. Last-ditch effort. */\n@@ -1397,7 +1414,7 @@ __vfscanf_internal (FILE *s, const char *format, va_list argptr,\n \t\t\t{\n \t\t\t *strptr = (char *) wstr;\n \t\t\t wstr += strsize;\n-\t\t\t strsize *= 2;\n+\t\t\t strsize = newsize;\n \t\t\t}\n \t\t }\n \t\t}\n@@ -2754,9 +2771,10 @@ digits_extended_fail:\n \t\t\t && wstr == (wchar_t *) *strptr + strsize)\n \t\t\t{\n \t\t\t /* Enlarge the buffer. */\n-\t\t\t wstr = (wchar_t *) realloc (*strptr,\n-\t\t\t\t\t\t (2 * strsize)\n-\t\t\t\t\t\t * sizeof (wchar_t));\n+\t\t\t size_t newsize = grow_to_fit (strsize, width);\n+\n+\t\t\t wstr = (wchar_t *) realloc (\n+\t\t\t *strptr, newsize * sizeof (wchar_t));\n \t\t\t if (wstr == NULL)\n \t\t\t {\n \t\t\t /* Can't allocate that much. Last-ditch\n@@ -2790,7 +2808,7 @@ digits_extended_fail:\n \t\t\t {\n \t\t\t *strptr = (char *) wstr;\n \t\t\t wstr += strsize;\n-\t\t\t strsize *= 2;\n+\t\t\t strsize = newsize;\n \t\t\t }\n \t\t\t}\n \t\t }\n@@ -2839,9 +2857,10 @@ digits_extended_fail:\n \t\t\t && wstr == (wchar_t *) *strptr + strsize)\n \t\t\t{\n \t\t\t /* Enlarge the buffer. */\n-\t\t\t wstr = (wchar_t *) realloc (*strptr,\n-\t\t\t\t\t\t (2 * strsize\n-\t\t\t\t\t\t * sizeof (wchar_t)));\n+\t\t\t size_t newsize = grow_to_fit (strsize, width);\n+\n+\t\t\t wstr = (wchar_t *) realloc (\n+\t\t\t *strptr, newsize * sizeof (wchar_t));\n \t\t\t if (wstr == NULL)\n \t\t\t {\n \t\t\t /* Can't allocate that much. Last-ditch\n@@ -2875,7 +2894,7 @@ digits_extended_fail:\n \t\t\t {\n \t\t\t *strptr = (char *) wstr;\n \t\t\t wstr += strsize;\n-\t\t\t strsize *= 2;\n+\t\t\t strsize = newsize;\n \t\t\t }\n \t\t\t}\n \t\t }\n@@ -2983,7 +3002,9 @@ digits_extended_fail:\n \t\t if ((flags & MALLOC)\n \t\t\t && *strptr + strsize - str <= MB_LEN_MAX)\n \t\t\t{\n-\t\t\t /* Enlarge the buffer. */\n+\t\t\t /* Enlarge the buffer. And we may not\n+\t\t\t expand str by width as the wcrtomb may\n+\t\t\t return various bytes */\n \t\t\t size_t strleng = str - *strptr;\n \t\t\t char *newstr;\n \n@@ -3051,7 +3072,7 @@ digits_extended_fail:\n \t\t\t && (char *) str == *strptr + strsize)\n \t\t\t{\n \t\t\t /* Enlarge the buffer. */\n-\t\t\t size_t newsize = 2 * strsize;\n+\t\t\t size_t newsize = grow_to_fit (strsize, width);\n \n \t\t\tallocagain:\n \t\t\t str = (char *) realloc (*strptr, newsize);\n", "prefixes": [ "v5", "3/3" ] }