stdio-common: Fix a crash in scanf input specifier tests [BZ #32857]

Fix a null pointer dereference causing a crash in 'read_real' when the terminating null character is written for use with the subsequent call to 'nan' for NaN reference input using null 'n-char-sequence', such as: %a:nan():1:5:nan(): by moving the memory allocation call ahead of the check for the closing parenthesis. No test case added as it's a test case issue in the first place. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2025-12-20 01:12:17 +08:00 · 2025-08-23 01:02:10 +01:00
parent da2a2581c4
commit 67d2c9e3b7
1 changed files with 5 additions and 5 deletions
--- a/stdio-common/tst-scanf-format-real.h
+++ b/stdio-common/tst-scanf-format-real.h
@@ -207,6 +207,11 @@ out:									\
 	if (ch == '(')							\
 	  while (1)							\
 	    {								\
+	      if (i == seq_size)					\
+		{							\
+		  seq_size += SIZE_CHUNK;				\
+		  seq = xrealloc (seq, seq_size);			\
+		}							\
 	      ch = read_input ();					\
 	      if (ch == ')')						\
 		break;							\
@@ -219,11 +224,6 @@ out:									\
 		  v = NAN;						\
 		  goto out;						\
 		}							\
-	      if (i == seq_size)					\
-		{							\
-		  seq_size += SIZE_CHUNK;				\
-		  seq = xrealloc (seq, seq_size);			\
-		}							\
 	      seq[i++] = ch;						\
 	    }								\
 	seq[i] = '\0';							\