Re: lib/50609: lib/libusbhid/usage.c: 3 * missing ranges in scanf
The following reply was made to PR lib/50609; it has been noted by GNATS.
From: David Holland <dholland-bugs%netbsd.org@localhost>
Subject: Re: lib/50609: lib/libusbhid/usage.c: 3 * missing ranges in scanf
Date: Tue, 31 May 2016 02:12:36 +0000
On Sat, Jan 02, 2016 at 02:05:01PM +0000, dcb314%hotmail.com@localhost wrote:
> [lib/libusbhid/usage.c:97]: (warning) scanf without field width limits can crash with huge input data.
> if (sscanf(line, " * %[^\n]", name) == 1)
> char line, name, *p, *n;
Right, it can't output more into name than is in line so it can't
overflow... this seems like a false positive, though the code's
David A. Holland
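
The reasoning in this reply, as an added C example (not code from libusbhid or from the PR): the unbounded `%[^\n]` is safe only while the destination is at least as large as the buffer holding the line, and an explicit field width removes that dependency. The buffer sizes, function names and sample line are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Sizes are assumptions for this example; the page does not show them. */
#define LINE_SIZE 100
#define NAME_SIZE 16
#define NAME_WIDTH 15            /* NAME_SIZE - 1: %[ always appends a NUL */
#define STR(x) #x
#define XSTR(x) STR(x)
_Static_assert(NAME_WIDTH == NAME_SIZE - 1, "width must leave room for NUL");

/* Bounded form: safe whatever the relative sizes of line and name are.
 * Matches " * <name>" and stores at most NAME_WIDTH bytes plus the NUL. */
static int parse_bounded(const char *line, char name[NAME_SIZE])
{
    return sscanf(line, " * %" XSTR(NAME_WIDTH) "[^\n]", name) == 1;
}

/* Unbounded form, as in the report. It cannot overflow only while dst is
 * at least as large as the buffer holding the line, so both sizes are
 * passed in and the invariant is checked instead of assumed. */
static int parse_same_size(const char *line, size_t line_size,
                           char *dst, size_t dst_size)
{
    if (dst_size < line_size || strlen(line) >= line_size)
        return -1;               /* invariant broken: refuse to parse */
    return sscanf(line, " * %[^\n]", dst) == 1;
}

int main(void)
{
    /* Constructed input: a name far longer than NAME_SIZE. */
    char line[LINE_SIZE] = " * Generic Desktop Page With A Very Long Name\n";
    char small[NAME_SIZE], big[LINE_SIZE];

    if (parse_bounded(line, small))
        printf("bounded:   \"%s\"\n", small);
    if (parse_same_size(line, sizeof line, big, sizeof big) == 1)
        printf("same size: \"%s\"\n", big);
    printf("mismatch:  %d\n",
           parse_same_size(line, sizeof line, small, sizeof small));
    return 0;
}
```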