From 5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 Mon Sep 17 00:00:00 2001 From: Paul Pluzhnikov Date: Fri, 6 Feb 2015 00:30:42 -0500 Subject: CVE-2015-1472: wscanf allocates too little memory BZ #16618 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The implementation now correctly computes the required buffer size when using malloc. A regression test was added to tst-sscanf. --- ChangeLog | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4916b03d0b..d23d3ae926 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2015-02-05 Paul Pluzhnikov + + [BZ #16618] + * stdio-common/tst-sscanf.c (main): Test for buffer overflow. + * stdio-common/vfscanf.c (_IO_vfscanf_internal): Compute needed + size in bytes. Store needed elements in wpmax. Use needed size + in bytes for extend_alloca. + 2015-02-05 Carlos O'Donell * manual/install.texi: Latest tested versions are GCC 4.9.2, -- cgit v1.2.3
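Review bot: The stdio-common/vfscanf.c entry in the added ChangeLog block names only extend_alloca ("Use needed size in bytes for extend_alloca"), while the commit message says the fix is that the required buffer size is now computed correctly when using malloc. The entry should say which allocation path was undersized, so that someone reading ChangeLog alone can tell what was fixed. The entry also carries only [BZ #16618]; adding CVE-2015-1472 from the subject line would make the security fix findable from the ChangeLog. This view is limited to 'ChangeLog', so the vfscanf.c and tst-sscanf.c changes the entry describes cannot be checked against it here.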