In POSIX.1-2008, the %c, %s, and %[ conversion specifiers in a fscanf()/scanf()/sscanf() format string accept an optional assignment-allocation character 'm' to allocate a memory buffer large enough to hold the converted string:

http://pubs.opengroup.org/onlinepubs/9699919799/functions/fscanf.html

This functionality is useful for safely reading formatted input strings of unknown size. The FreeBSD 9.0 libc does not support this feature. In addition, the gcc 4.6.3 port silently accepts the assignment-allocation character, even when "-Wall" is specified, but a memory buffer is apparently not allocated at run time.

Fix:

Patch attached with submission follows:

How-To-Repeat:

Compile the attached program (scanf_m.c) using the base gcc 4.2.1:

#####################################
$ gcc -Wall scanf_m.c
scanf_m.c: In function 'main':
scanf_m.c:6: warning: unknown conversion type character 'm' in format
scanf_m.c:6: warning: too many arguments for format
$ echo test | ./a.out
H??
Segmentation fault (core dumped)
#####################################

Using the gcc 4.6.3 port:

#####################################
$ gcc46 -Wall scanf_m.c
$ echo test | ./a.out
H??
Segmentation fault (core dumped)
#####################################
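As an added illustration of the feature requested above (not the scanf_m.c attached to this report), the following sketch reads fields of unknown size with the 'm' modifier and frees only what a partially matched call actually allocated. It assumes a libc that implements the POSIX.1-2008 modifier; parse_kv, value_len and long_value_len are hypothetical names, and the input lines are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: split "key = value" into two buffers allocated by
 * sscanf() via 'm'. Returns 0 on success; the caller then frees both. */
int parse_kv(const char *line, char **key, char **val)
{
    *key = *val = NULL;
    /* With 'm' the argument is a char **; libc sizes the buffer itself. */
    int n = sscanf(line, " %m[^= \t\n] = %m[^\n]", key, val);
    if (n == 2) return 0;
    /* Only conversions that succeeded hold memory: free the key if set. */
    if (n >= 1)
        free(*key);
    *key = *val = NULL;
    return -1;
}

/* Returns the length of the parsed value, or -1 if the line is rejected. */
long value_len(const char *line)
{
    char *key, *val;
    if (parse_kv(line, &key, &val) != 0)
        return -1;
    long len = (long)strlen(val);
    free(key);
    free(val);
    return len;
}

/* Constructed input: a value of n bytes, far larger than any fixed buffer. */
long long_value_len(size_t n)
{
    char *line = malloc(n + 8);
    if (line == NULL) return -1;
    memcpy(line, "blob = ", 7);
    memset(line + 7, 'A', n);
    line[7 + n] = '\0';
    long len = value_len(line);
    free(line);
    return len;
}

int main(void)
{
    printf("%ld %ld\n", value_len("host = example"), long_value_len(100000));
    return 0;
}
```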
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped