{"id":2220003,"url":"http://patchwork.ozlabs.org/api/covers/2220003/?format=json","web_url":"http://patchwork.ozlabs.org/project/glibc/cover/20260405181821.475180-1-marocketbd@gmail.com/","project":{"id":41,"url":"http://patchwork.ozlabs.org/api/projects/41/?format=json","name":"GNU C Library","link_name":"glibc","list_id":"libc-alpha.sourceware.org","list_email":"libc-alpha@sourceware.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260405181821.475180-1-marocketbd@gmail.com>","list_archive_url":null,"date":"2026-04-05T18:18:19","name":"[v4,0/2] stdio-common: Fix heap overflow in scanf %mc pattern [BZ #34008]","submitter":{"id":92898,"url":"http://patchwork.ozlabs.org/api/people/92898/?format=json","name":"Rocket Ma","email":"marocketbd@gmail.com"},"mbox":"http://patchwork.ozlabs.org/project/glibc/cover/20260405181821.475180-1-marocketbd@gmail.com/mbox/","series":[{"id":498801,"url":"http://patchwork.ozlabs.org/api/series/498801/?format=json","web_url":"http://patchwork.ozlabs.org/project/glibc/list/?series=498801","date":"2026-04-05T18:18:19","name":"stdio-common: Fix heap overflow in scanf %mc pattern [BZ #34008]","version":4,"mbox":"http://patchwork.ozlabs.org/series/498801/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/covers/2220003/comments/","headers":{"Return-Path":"<libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org>","X-Original-To":["incoming@patchwork.ozlabs.org","libc-alpha@sourceware.org"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","libc-alpha@sourceware.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=Cvv/Qjqy;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org\n (client-ip=2620:52:6:3111::32; helo=vm01.sourceware.org;\n 
envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org;\n receiver=patchwork.ozlabs.org)","sourceware.org;\n\tdkim=pass (2048-bit key,\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=Cvv/Qjqy","sourceware.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com","sourceware.org; spf=pass smtp.mailfrom=gmail.com","server2.sourceware.org;\n arc=none smtp.remote-ip=2607:f8b0:4864:20::1236"],"Received":["from vm01.sourceware.org (vm01.sourceware.org\n [IPv6:2620:52:6:3111::32])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fpghX19N9z1xtJ\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 06 Apr 2026 04:19:01 +1000 (AEST)","from vm01.sourceware.org (localhost [127.0.0.1])\n\tby sourceware.org (Postfix) with ESMTP id 9F8584BA2E23\n\tfor <incoming@patchwork.ozlabs.org>; Sun,  5 Apr 2026 18:18:56 +0000 (GMT)","from mail-dl1-x1236.google.com (mail-dl1-x1236.google.com\n [IPv6:2607:f8b0:4864:20::1236])\n by sourceware.org (Postfix) with ESMTPS id 68CF14BA2E1E\n for <libc-alpha@sourceware.org>; Sun,  5 Apr 2026 18:18:37 +0000 (GMT)","by mail-dl1-x1236.google.com with SMTP id\n a92af1059eb24-1279eced0b9so3640330c88.0\n for <libc-alpha@sourceware.org>; Sun, 05 Apr 2026 11:18:37 -0700 (PDT)","from localhost ([23.94.240.252]) by smtp.gmail.com with UTF8SMTPSA\n id\n 5a478bee46e88-2cc6e17e0bdsm7379048eec.31.2026.04.05.11.18.34\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Sun, 05 Apr 2026 11:18:34 -0700 (PDT)"],"DKIM-Filter":["OpenDKIM Filter v2.11.0 sourceware.org 9F8584BA2E23","OpenDKIM Filter v2.11.0 sourceware.org 68CF14BA2E1E"],"DMARC-Filter":"OpenDMARC Filter v1.4.2 sourceware.org 68CF14BA2E1E","ARC-Filter":"OpenARC Filter v1.0.0 sourceware.org 68CF14BA2E1E","ARC-Authentication-Results":"i=1; server2.sourceware.org","X-Received":"by 2002:a05:7300:1481:b0:2c1:67e1:61c7 with SMTP id\n 5a478bee46e88-2cbfa8ba48emr4449317eec.11.1775413115299;\n Sun, 05 Apr 2026 11:18:35 -0700 (PDT)","From":"Rocket Ma <marocketbd@gmail.com>","To":"libc-alpha@sourceware.org","Cc":"Carlos O'Donell <carlos@redhat.com>,\n Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>","Subject":"[PATCH v4 0/2] stdio-common: Fix heap overflow in scanf %mc pattern\n [BZ #34008]","Date":"Sun,  5 Apr 2026 11:18:19 -0700","Message-ID":"<20260405181821.475180-1-marocketbd@gmail.com>","X-Mailer":"git-send-email 2.47.3","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-BeenThere":"libc-alpha@sourceware.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Libc-alpha mailing list <libc-alpha.sourceware.org>","List-Unsubscribe":"<https://sourceware.org/mailman/options/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>","List-Archive":"<https://sourceware.org/pipermail/libc-alpha/>","List-Post":"<mailto:libc-alpha@sourceware.org>","List-Help":"<mailto:libc-alpha-request@sourceware.org?subject=help>","List-Subscribe":"<https://sourceware.org/mailman/listinfo/libc-alpha>,\n 
<mailto:libc-alpha-request@sourceware.org?subject=subscribe>","Errors-To":"libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org"},"content":"This series includes a patch with the requested fix for CVE-2026-5450,\na unified optimized function to calculate %m pattern array expansion, as\nwell as a neat regression test with mcheck.\n\nRocket Ma (2):\n  stdio-common: Add regression test [BZ #34008]\n  stdio-common: Fix buffer overflow in scanf %mc [BZ #34008]\n\n stdio-common/Makefile              |  4 ++\n stdio-common/tst-vfscanf-bz34008.c | 48 +++++++++++++++++++\n stdio-common/vfscanf-internal.c    | 74 +++++++++++++++++++-----------\n 3 files changed, 98 insertions(+), 28 deletions(-)\n create mode 100644 stdio-common/tst-vfscanf-bz34008.c"}