From 73f5ecf5289b4a6431d9cc945f523b36a5996a79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Sun, 28 Mar 2021 18:10:13 +0200
Subject: [PATCH] Linux: handle garbage in /proc/loadavg

When parsing the content of /proc/loadavg via fscanf(3), ensure client passed parameters are set to sanitized values.

Related to: #581
---
 linux/Platform.c | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/linux/Platform.c b/linux/Platform.c
index 7d412bc7..d5fd45dc 100644
--- a/linux/Platform.c
+++ b/linux/Platform.c
@@ -209,19 +209,25 @@ int Platform_getUptime() {
 }
 
 void Platform_getLoadAverage(double* one, double* five, double* fifteen) {
- int activeProcs, totalProcs, lastProc;
- *one = 0;
- *five = 0;
- *fifteen = 0;
-
 FILE* fd = fopen(PROCDIR "/loadavg", "r");
- if (fd) {
- int total = fscanf(fd, "%32lf %32lf %32lf %32d/%32d %32d", one, five, fifteen,
- &activeProcs, &totalProcs, &lastProc);
- (void) total;
- assert(total == 6);
- fclose(fd);
- }
+ if (!fd)
+ goto err;
+
+ double scanOne, scanFive, scanFifteen;
+ int r = fscanf(fd, "%lf %lf %lf", &scanOne, &scanFive, &scanFifteen);
+ fclose(fd);
+ if (r != 3)
+ goto err;
+
+ *one = scanOne;
+ *five = scanFive;
+ *fifteen = scanFifteen;
+ return;
+
+ err:
+ *one = NAN;
+ *five = NAN;
+ *fifteen = NAN;
 }
 
 int Platform_getMaxPid() {
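Review bot: The `r != 3` guard in Platform_getLoadAverage only confirms that three conversions succeeded; `%lf` also accepts negative numbers, `inf` and `nan`, so a malformed /proc/loadavg can still deliver non-finite or negative values through `*one`, `*five` and `*fifteen` on the success path. Tightening the check to something like `if (r != 3 || !isfinite(scanOne) || !isfinite(scanFive) || !isfinite(scanFifteen)) goto err;`, with an additional `< 0` rejection, would make the result match the "sanitized values" wording of the commit message. The failure value also changes from 0 to NAN, so any caller outside this hunk that formats or compares the load figures should be confirmed to handle NaN. `isfinite` comes from `<math.h>`, which the file presumably already includes, since `NAN` is used here without an include being added.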