Kevin Wolf <kw...@redhat.com> writes: > scanf calls must not use PRI constants, they have probably the wrong size and > corrupt memory. We could replace them by SCN ones, but strtol is simpler than > scanf here anyway. While at it, also fix the parsers to reject garbage after > the number ("4096xyz" was accepted before).
Do we have more misuse of PRI with scanf elsewhere? No need to fix them all in one commit (and thus delay this fix); I just want to make sure somebody looks.