scanf could trash a word of the caller's stack if it did not perform all possible assignments.
Code in ~scanf would call ~RemoveWord to remove the extra parameters, but ~RemoveWord is designed to be called from one of the ~Scan_... subroutines, which is (in effect) called by JSR and thus has an extra word on the stack for its return address. This stack misalignment caused ~RemoveWord to overwrite a word of the caller's stack when called from the code to remove extra parameters. This could cause a crash in the following program:

    #include <stdio.h>

    void f(void)
    {
        int a, b;
        sscanf("Z", "%i%i", &a, &b);
    }

    int main(void)
    {
        f();
    }
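The reproducer above, widened into a host-compilable regression check. This is an added example, not code from the commit or from the project: it exercises sscanf with more conversions than the input can satisfy and asserts the behaviour the fixed runtime must deliver, namely that scanning stops at the first failing conversion, the return value counts only the assignments actually made, and neither the unassigned variable nor a neighbouring local of the caller is disturbed. Compiled with a hosted C compiler it simply confirms the standard semantics; the `canary` local and the `partial_scan_ok` function name are this example's own.

```c
#include <stdio.h>

/* Added example, not code from the commit. Returns 1 when sscanf behaves
 * correctly on input that satisfies only some of the requested
 * conversions, 0 otherwise. The sentinels -1 and the `canary` local stand
 * in for "a word of the caller's stack" that must not be overwritten. */
int partial_scan_ok(void)
{
    int a = -1, b = -1;        /* b must keep its sentinel in every case */
    int canary = 0x1234;       /* neighbouring local that must survive */
    int n;

    /* "Z" matches neither %i: zero assignments, nothing touched. */
    n = sscanf("Z", "%i%i", &a, &b);
    if (n != 0 || a != -1 || b != -1 || canary != 0x1234)
        return 0;

    /* "42 Z": the first %i assigns, the second fails on 'Z'. */
    n = sscanf("42 Z", "%i%i", &a, &b);
    if (n != 1 || a != 42 || b != -1 || canary != 0x1234)
        return 0;

    /* Empty input: input failure before the first conversion gives EOF. */
    n = sscanf("", "%i%i", &a, &b);
    if (n != EOF || b != -1 || canary != 0x1234)
        return 0;

    return 1;
}

int main(void)
{
    int ok = partial_scan_ok();
    printf("%s\n", ok ? "ok" : "FAIL");
    return ok ? 0 : 1;
}
```

The case the commit message describes, sscanf("Z", "%i%i", &a, &b) with both conversions unsatisfied, is the first check; the other two show that the same contract holds when only some conversions fail and when input ends before any conversion starts.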
parent 61bfc70b9b
commit 66e1835175