Fix potential stack overflow [BZ #23490]

Since we are expecting the exact "IBT" string, adjust stack buffer size
and scanf format accordingly.

diff --git a/ChangeLog b/ChangeLog
index 7c4b061..03cbe04 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2018-12-08  Paul Pluzhnikov  <ppluzhnikov@google.com>
+
+       [BZ #23490]
+       * sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c
+       (do_test): Adjust buffer size and fix format.
+
 2018-12-07  DJ Delorie  <dj@redhat.com>
 
        [BZ #23907]

diff --git a/sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c b/sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c
index 0531074..259ef44 100644 (file)
--- a/sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c
+++ b/sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c
@@ -44,9 +44,9 @@ sig_handler (int signo)
 static int
 do_test (void)
 {
-  char buf[20];
+  char buf[4];
 
-  if (scanf ("%20s", buf) != 1)
+  if (scanf ("%3s", buf) != 1)
     FAIL_UNSUPPORTED ("IBT not supported");
 
   if (strcmp (buf, "IBT") != 0)