Hi -

> [...]
> This does sound like a bug in glibc sscanf. I cannot find a
> description of what exactly happens with 'm' modifier allocated
> buffers on error. So I can imagine a double free if sscanf frees the
> buffer on error. But returning a bogus pointer? That seems a bug. If
> we aren't guaranteed a valid pointer (or NULL) then this could easily
> lead to memory leaks.
Spent way too long trying to reproduce this. It was a PEBCAK on my part, comparing a version of elfutils with the distro, and a locally-built one that included this commit. I think I must have mixed up some LD_LIBRARY_PATH and run a franken-binary, then misplaced the blame for the crash. I'll revert my unnecessary fix.

(It might be nice if the fedora build got this fix sometime.)

commit 1be0787d6654ed71bf659e8bfd34895fea7589eb
Author: Aaron Merey <ame...@redhat.com>
Date:   Fri Jan 24 19:43:19 2025 -0500

    debuginfod-client.c: Avoid freeing uninitialized value

- FChE
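The ownership question from the quoted message (what a caller may safely free after sscanf with the 'm' modifier fails part-way) handled defensively, as an added example that is not code from this thread or from elfutils; parse_kv and check_parse are names chosen here. The rule it follows: keep every output pointer initialized to NULL and free only the conversions that the return count actually covers, so an error path never frees an uninitialized or library-owned buffer.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not from the thread or elfutils): parse "key=value" with
 * sscanf's "%m" conversions without ever freeing a pointer that sscanf did
 * not report as assigned. Returns 1 on success (caller frees *key and
 * *value), 0 on failure (*key and *value are NULL, nothing to free). */
int parse_kv(const char *line, char **key, char **value)
{
    /* Start from NULL: an uninitialized pointer freed on an error path is
     * the defect shape the commit title above describes. */
    char *k = NULL, *v = NULL;
    *key = NULL;
    *value = NULL;

    int n = sscanf(line, "%m[^=]=%ms", &k, &v);

    if (n == 2) {
        *key = k;
        *value = v;
        return 1;
    }
    /* Only conversions counted in n are known to be ours to free. On an
     * EOF/error return nothing was counted, so free nothing rather than
     * guessing what the library did with its own buffers. */
    if (n == 1)
        free(k);
    return 0;
}

/* Checker: 1 = parsed and matched the expected strings,
 * 0 = rejected with both outputs NULL, -1 = anything else. */
int check_parse(const char *line, const char *want_key, const char *want_val)
{
    char *key, *val;
    int result;
    if (parse_kv(line, &key, &val)) {
        result = (want_key && want_val && strcmp(key, want_key) == 0
                  && strcmp(val, want_val) == 0) ? 1 : -1;
        free(key);
        free(val);
    } else {
        result = (key == NULL && val == NULL) ? 0 : -1;
    }
    return result;
}
```

A partial match such as "foo" (no '=') returns 1 from sscanf, so the first buffer is the caller's to free; an empty line fails before any conversion, so nothing is freed.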