When --x-grid is given a value such as 'MINUTE:1:MINUTE:5:MINUTE:30:0'
(missing the trailing colon before the date-format field), sscanf()
still returns 7 because %n is not counted in its return value, but the
%n assignment to stroff is never executed. stroff therefore kept its
uninitialized stack value; the subsequent 'stroff != 0' guard read
garbage and could cause strdup(optarg + stroff) to run with a bogus
offset, producing a segfault.
Initialise stroff = 0 at declaration so that a partial sscanf match
leaves stroff as zero, causing the condition to be false and execution
to fall through to the existing 'invalid x-grid format' error path.
Reported by @anvilvapre.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
====================
Bugfixes
--------
+* Fix segfault when `--x-grid` is given without a trailing date-format
+ field. The `%n` conversion in `sscanf()` is not counted in its return
+ value, so `stroff` remained uninitialized when the input ended before
+ the final `:` separator; the subsequent `stroff != 0` guard read
+ garbage and could branch into `strdup()` with a bogus offset. Fixed by
+ initialising `stroff = 0` so a partial match safely falls through to
+ the existing "invalid x-grid format" error path. Issue #1291
+ reported by @anvilvapre, fixed by @oetiker
* Pad the Perl `$RRDs::VERSION` / `$RRDp::VERSION` numeric encoding so
two-digit minor releases compare monotonically. The numeric version
now uses three-digit zero-padded minor and patch fields, e.g.
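Review bot: the new entry leaves out the one detail from the commit message that explains why zeroing `stroff` is the whole fix, namely that `sscanf()` still returns 7 on the truncated input, so a return-value check alone cannot detect the missing field and the `%n` result is the only signal; a half sentence to that effect after "is not counted in its return value" would make the changelog self-explanatory.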
struct optparse *poptions,
image_desc_t *im)
{
- int stroff;
+ int stroff = 0;
char *parsetime_error = NULL;
char scan_gtm[12], scan_mtm[12], scan_ltm[12], col_nam[12];
char double_str[41] = { 0 }, double_str2[41] = { 0 };
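Review bot: `int stroff = 0;` closes the uninitialised read, but the `stroff != 0` guard described in the commit message still accepts an argument that ends in the trailing `:` with nothing after it; `%n` fires at that position and `strdup(optarg + stroff)` returns an empty date-format string rather than reaching the "invalid x-grid format" path, so either confirm that an empty format is a deliberate meaning downstream or reject it here alongside the partial-match case.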