Description of problem:
Summary says it all

Version-Release number of selected component (if applicable):
glibc-2.7-2

How reproducible:
Easily

Steps to Reproduce:
The failed program:

#include <stdio.h>

int main(void)
{
  char *path = NULL, *line;
  int nbargs;

  /* whitespace-only input: no conversion can succeed */
  line = " ";
  /* %as is the GNU extension that makes sscanf allocate the string */
  nbargs = sscanf (line, "%as", &path);
  printf("nbargs %d\n", nbargs);
  return 0;
}

1. gcc -o t t.c
2. ./t
3.

Actual results:
*** glibc detected *** ./t: double free or corruption (out): 0xbfc4e1e0 ***
======= Backtrace: =========
/lib/libc.so.6[0xcefac1]
/lib/libc.so.6(cfree+0x90)[0xcf30f0]
/lib/libc.so.6(_IO_vfscanf+0x906)[0xcd0b66]
/lib/libc.so.6(vsscanf+0x91)[0xce10c1]
/lib/libc.so.6(_IO_sscanf+0x2e)[0xcdbdae]
./t[0x804842d]
/lib/libc.so.6(__libc_start_main+0xe0)[0xc9c390]
./t[0x8048341]
======= Memory map: ========
00110000-00111000 r-xp 00110000 00:00 0          [vdso]
001bb000-001d6000 r-xp 00000000 fd:00 6876214    /lib/ld-2.7.so
001d6000-001d7000 r-xp 0001a000 fd:00 6876214    /lib/ld-2.7.so
001d7000-001d8000 rwxp 0001b000 fd:00 6876214    /lib/ld-2.7.so
00c86000-00dd9000 r-xp 00000000 fd:00 6876215    /lib/libc-2.7.so
00dd9000-00ddb000 r-xp 00153000 fd:00 6876215    /lib/libc-2.7.so
00ddb000-00ddc000 rwxp 00155000 fd:00 6876215    /lib/libc-2.7.so
00ddc000-00ddf000 rwxp 00ddc000 00:00 0
04ca9000-04cb4000 r-xp 00000000 fd:00 6876239    /lib/libgcc_s-4.1.2-20070925.so.1
04cb4000-04cb5000 rwxp 0000a000 fd:00 6876239    /lib/libgcc_s-4.1.2-20070925.so.1
08048000-08049000 r-xp 00000000 fd:00 6710944    /root/t
08049000-0804a000 rw-p 00000000 fd:00 6710944    /root/t
08181000-081a2000 rw-p 08181000 00:00 0
b7e00000-b7e21000 rw-p b7e00000 00:00 0
b7e21000-b7f00000 ---p b7e21000 00:00 0
b7faa000-b7fac000 rw-p b7faa000 00:00 0
bfc3a000-bfc4f000 rw-p bffea000 00:00 0          [stack]
Aborted

Expected results:
"nbargs -1"

Additional info:
Known to work on FC-6, F-7, glibc-2.6 (powerpc port).
This is fixed in rawhide.
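A regression check for the behaviour reported above, added here as an example; it is not part of the original report or of glibc's own test suite. It uses the POSIX `%ms` allocation modifier in place of the reproducer's GNU `%as` (an assumption, made so it builds under C99 and later, where `%a` is a floating-point conversion), and the names `scan_word` and `check_case` and all inputs other than `" "` are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: scan one whitespace-delimited word; sscanf allocates
 * the buffer ("m" modifier). Returns sscanf's result, buffer via *word. */
static int scan_word(const char *line, char **word)
{
    *word = NULL;
    return sscanf(line, "%ms", word);
}

/* Returns 1 when `line` yields the expected count and word (NULL = none). */
static int check_case(const char *line, int want_n, const char *want_word)
{
    char *word;
    int n = scan_word(line, &word);
    int ok = (n == want_n);

    if (want_word == NULL)
        ok = ok && (word == NULL);   /* a failed scan must leave the pointer alone */
    else
        ok = ok && word != NULL && strcmp(word, want_word) == 0;

    free(word);                      /* free(NULL) is a no-op */
    return ok;
}

int main(void)
{
    /* Constructed inputs: the report's " " plus neighbouring cases. */
    static const struct { const char *line; int n; const char *word; } cases[] = {
        { " ",          EOF, NULL },          /* the reported input: expect -1 */
        { "",           EOF, NULL },
        { "\t\n ",      EOF, NULL },
        { "/etc/fstab", 1,   "/etc/fstab" },
        { "  a b",      1,   "a" },
    };
    int failed = 0;

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int ok = check_case(cases[i].line, cases[i].n, cases[i].word);
        printf("%-4s case %zu\n", ok ? "ok" : "FAIL", i);
        failed += !ok;
    }
    return failed != 0;
}
```

On a libc with the defect from this report, the first case is expected to abort inside `sscanf` rather than print `FAIL`, so run it under a test harness that treats a signal as a failure.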