[OpenJDK 2D-Dev] checking sscanf return code in awt_ImagingLib.c ?

[Baesken, Matthias]

Hello, I noticed that we miss a check of the sscanf return code in awt_ImagingLib.c  , should we add a check like we do at almost all other places of sscanf calls ?
(like the code below )

Thanks, Matthias


diff -r 3ca4a8016584 src/java.desktop/share/native/libawt/awt/medialib/awt_ImagingLib.c
--- a/src/java.desktop/share/native/libawt/awt/medialib/awt_ImagingLib.c        Thu Jan 16 18:04:23 2020 +0100
+++ b/src/java.desktop/share/native/libawt/awt/medialib/awt_ImagingLib.c        Tue Jan 21 10:31:34 2020 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1771,6 +1771,7 @@
JNIEXPORT jboolean JNICALL
Java_sun_awt_image_ImagingLib_init(JNIEnv *env, jclass thisClass) {
     char *start;
+    int srs = 0;
     if (getenv("IMLIB_DEBUG")) {
         start_timer = awt_setMlibStartTimer();
         stop_timer = awt_setMlibStopTimer();
@@ -1783,7 +1784,12 @@
         s_printIt = 1;
     }
     if ((start = getenv("IMLIB_START")) != NULL) {
-        sscanf(start, "%d", &s_startOff);
+        srs = sscanf(start, "%d", &s_startOff);
+        if (srs != 1) {
+            s_nomlib = 1;
+            fprintf(stderr, "Failure - reading from IMLIB_START failed.\n");
+            return JNI_FALSE;
+        }
     }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/2d-dev/attachments/20200121/f1ec6c0a/attachment.htm>