>>>>> Steve Grubb <sgr...@redhat.com>
>>>>> on Thu, 20 Jul 2017 17:28:53 -0400 writes:
> Hello,
> The SMBUF_SIZED_STRING allows fscanf to read upto 511 bytes. The buffer
> at line 1382 is only 128 bytes. The fscanf format specifier ought to be
> resized to prevent a stack overrun.
Yes, you are right, thank you!
Fix committed as svn rev 72945
> Signed-of-by: Steve Grubb <sgr...@redhat.com>
> Index: saveload.c
> ===================================================================
> --- src/main/saveload.c (revision 72935)
> +++ src/main/saveload.c (working copy)
> @@ -1379,7 +1379,7 @@
> {
> char buf[128];
> int x, res;
> - res = fscanf(fp, SMBUF_SIZED_STRING, buf);
> + res = fscanf(fp, "%127s", buf);
> if(res != 1) error(_("read error"));
> if (strcmp(buf, "NA") == 0)
> return NA_INTEGER;
> ______________________________________________
> R-devel@r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel
______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
