Bug#553206: libc6: sscanf segfaults with %d on large decimal input string

2012-01-05 Thread Jonathan Neuschäfer
Package: libc6
Version: 2.13-24
Followup-For: Bug #553206

This also happens with plain scanf.

-- System Information:
Debian Release: wheezy/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux

Bug#553206: libc6: sscanf segfaults with %d on large decimal input string

2009-10-29 Thread Tim Ruehsen
Package: libc6
Version: 2.10.1-2
Severity: normal

sscanf(p,%d,i) causes a SIGSEGV to be raised if p points to a very long input string with just decimal characters in it. That makes %d unusable for scanning untrusted input (in my case a SIP registrar). Here is a code example that shows it (use