<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href="https://github.com/llvm/llvm-project/issues/89710">89710</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            lldb/source/Host/linux/Host.cpp:94: Possible missing field width in scanf %s ?
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            lldb,
            code-quality
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          dcb314
      </td>
    </tr>
</table>

<pre>
Static analyser cppcheck says:

lldb/source/Host/linux/Host.cpp:94:7: warning: sscanf() without field width limits can crash with huge input data. [invalidscanf]

Source code is

  if (sscanf(Rest.data(),
             "%d %s %c %d %d %d %d %d %u %lu %lu %lu %lu %lu %lu %ld %ld",
             &stat_fields.pid, stat_fields.comm, &stat_fields.state,
             &stat_fields.ppid, &stat_fields.pgrp, &stat_fields.session,
             &stat_fields.tty_nr, &stat_fields.tpgid, &stat_fields.flags,
             &stat_fields.minflt, &stat_fields.cminflt, &stat_fields.majflt,
             &stat_fields.cmajflt, &stat_fields.utime, &stat_fields.stime,
             &stat_fields.cutime, &stat_fields.cstime) < 0) {

but

 char comm[task_comm_len];

and

constexpr int task_comm_len = 16;

Might there be some value in adding the string maximum length to the %s ?

</pre>
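<p>An added example, not part of the original report and not lldb's code: one way to bound the <code>%s</code> conversion to the 16-byte <code>comm</code> buffer quoted above and to notice when a token did not fit. The struct <code>stat_prefix</code>, the function <code>parse_stat_prefix</code>, the restriction to the first four fields and the sample lines are assumptions made for illustration.</p>

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { task_comm_len = 16 };   /* buffer size quoted in the report */
_Static_assert(task_comm_len == 15 + 1, "keep the %15s width at task_comm_len - 1");

/* Hypothetical struct: only the first four fields of the format string. */
struct stat_prefix {
    int pid;
    char comm[task_comm_len];
    char state;
    int ppid;
};

/* Returns 0 on success, -1 on a short or malformed line,
 * -2 when the comm token is longer than the buffer can hold. */
int parse_stat_prefix(const char *rest, struct stat_prefix *out)
{
    int after_comm = 0;
    /* %15s stores at most 15 bytes plus the terminating NUL.
     * %n records how far sscanf got; it is not counted in the result. */
    if (sscanf(rest, "%d %15s%n", &out->pid, out->comm, &after_comm) != 2)
        return -1;

    /* If the width cut the token short, the next byte is not whitespace. */
    if (rest[after_comm] != '\0' && !isspace((unsigned char)rest[after_comm]))
        return -2;
    /* Compare against the conversion count: "< 0" only catches EOF. */
    if (sscanf(rest + after_comm, " %c %d", &out->state, &out->ppid) != 2)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not captured from a real system. */
    const char *samples[] = {
        "1234 bash S 1",
        "1234 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA S 1",
        "1234",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct stat_prefix p;
        printf("%d <- \"%s\"\n", parse_stat_prefix(samples[i], &p), samples[i]);
    }
    return 0;
}
```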