Certainly. I have included the source for clarity.
The temp_buf buffer is IO_MAXLINE characters long [0..IO_MAXLINE-1].
The for loop allows characters to be entered from 0 to IO_MAXLINE-1.
If the input stream provides characters continuously and none of them is a newline '\n', the loop will eventually enter at i = IO_MAXLINE-1.
Following that, the erroneous line will be executed with this value of i.
This results in an end-of-string character '\0' being put at temp_buf[IO_MAXLINE] which is *outside* of the buffer!
This results in either the ap variable or some stack-stored registers (I am not sure of the "direction" of the buffer overrun) getting altered which, either way, can not be desirable.
Nonetheless, there is a (potential) buffer overrun and I think it should be removed.
All the best,
Björn
int debug_scanf(const char *fmt_ptr, ...)
{
char temp_buf[IO_MAXLINE];
va_list ap;
uint32_t i;
char result;
va_start(ap, fmt_ptr);
temp_buf[0] = '\0';
for (i = 0; i < IO_MAXLINE; i++)
{
temp_buf[i] = result = debug_getchar();
if (result == '\n')
{
/* End of Line */
break;
}
temp_buf[i + 1] = '\0';
}
result = scan_prv(temp_buf, (char *)fmt_ptr, ap);
va_end(ap);
return result;
}
