From 1e8ef58a6fb248d5cdda15b0826424a88f71db2b Mon Sep 17 00:00:00 2001
From: hanjinpeng <hanjinpeng@kylinos.cn>
Date: Thu, 1 Aug 2024 21:25:11 +0800
Subject: [PATCH] cgtop: fix sscanf return code checks

sscanf can return EOF on error, so check that we get a result instead.
---
 ...-fix-cgtop-sscanf-return-code-checks.patch | 30 +++++++++++++++++++
 systemd.spec                                  |  6 +++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 backport-fix-cgtop-sscanf-return-code-checks.patch

diff --git a/backport-fix-cgtop-sscanf-return-code-checks.patch b/backport-fix-cgtop-sscanf-return-code-checks.patch
new file mode 100644
index 0000000..59ddb47
--- /dev/null
+++ b/backport-fix-cgtop-sscanf-return-code-checks.patch
@@ -0,0 +1,30 @@
+From bab356f5a0b8d4a43a71076c2333ff4da7ed737e Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <bluca@debian.org>
+Date: Fri, 19 Jan 2024 15:12:49 +0000
+Subject: [PATCH] cgtop: fix sscanf return code checks
+
+sscanf can return EOF on error, so check that we get a result instead.
+
+CodeQL#2386 and CodeQL#2387
+
+(cherry picked from commit 204d52c4b79eb19d2919cb5214e999c58a6679c6)
+---
+ src/cgtop/cgtop.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cgtop/cgtop.c b/src/cgtop/cgtop.c
+index e34da7cf728..ca514554408 100644
+--- a/src/cgtop/cgtop.c
++++ b/src/cgtop/cgtop.c
+@@ -310,9 +310,9 @@ static int process(
+ 
+                         if (all_unified) {
+                                 while (!isempty(l)) {
+-                                        if (sscanf(l, "rbytes=%" SCNu64, &k))
++                                        if (sscanf(l, "rbytes=%" SCNu64, &k) == 1)
+                                                 rd += k;
+-                                        else if (sscanf(l, "wbytes=%" SCNu64, &k))
++                                        else if (sscanf(l, "wbytes=%" SCNu64, &k) == 1)
+                                                 wr += k;
+ 
+                                         l += strcspn(l, WHITESPACE);
diff --git a/systemd.spec b/systemd.spec
index fb898a6..14fd269 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -25,7 +25,7 @@
 Name:           systemd
 Url:            https://systemd.io/
 Version:        249
-Release:        83
+Release:        84
 License:        MIT and LGPLv2+ and GPLv2+
 Summary:        System and Service Manager
 
@@ -677,6 +677,7 @@ Patch6624:      backport-unit-don-t-gc-unit-in-oom-queue.patch
 Patch6625:      backport-core-do-not-GC-units-jobs-that-are-in-the-D-Bus-queu.patch
 Patch6626:      backport-Update-hwdb.patch
 Patch6627:      backport-sd-event-fix-fd-leak-when-fd-is-owned-by-IO-event-so.patch
+Patch6628:      backport-fix-cgtop-sscanf-return-code-checks.patch
 
 Patch9001:      update-rtc-with-system-clock-when-shutdown.patch
 Patch9002:      udev-add-actions-while-rename-netif-failed.patch
@@ -2191,6 +2192,9 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null &&
 /usr/bin/systemd-cryptenroll
 
 %changelog
+* Thu Aug 1 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 249-84
+- backport: fix cgtop sscanf return code checks
+
 * Thu Jul 18 2024 gengqihu <gengqihu2@h-partners.com> - 249-83
 - add backport-sd-event-fix-fd-leak-when-fd-is-owned-by-IO-event-so.patch
 
-- 
Gitee