Hello,
The SMBUF_SIZED_STRING allows fscanf to read upto 511 bytes. The buffer
at line 1382 is only 128 bytes. The fscanf format specifier ought to be
resized to prevent a stack overrun.
Signed-of-by: Steve Grubb <sgr...@redhat.com>
Index: saveload.c
===================================================================
--- src/main/saveload.c (revision 72935)
+++ src/main/saveload.c (working copy)
@@ -1379,7 +1379,7 @@
{
char buf[128];
int x, res;
- res = fscanf(fp, SMBUF_SIZED_STRING, buf);
+ res = fscanf(fp, "%127s", buf);
if(res != 1) error(_("read error"));
if (strcmp(buf, "NA") == 0)
return NA_INTEGER;
______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
