[PATCH v2 2/3] msvcrt: Verify format string to prevent buffer overrun

[Piotr Caban]

On 07/29/18 23:25, janisozaur at gmail.com wrote:
> @@ -686,7 +686,7 @@ _FUNCTION_ {
>   		 * use %%." */
>                   while ((nch!=_EOF_) && _ISSPACE_(nch))
>                       nch = _GETC_(file);
> -                if ((_CHAR_)nch == *format) {
> +                if (*format && (_CHAR_)nch == *format) {
>                       suppress = 1; /* whoops no field to be read */
>                       st = 1; /* but we got what we expected */
>                       nch = _GETC_(file);
Shouldn't this check be done before whitespaces are read?

Thanks,
Piotr