Summary
PR #3565, merged on March 4, 2026, appears to have reintroduced a regression in tpm2_safe_read_from_stdin that was already fixed by PR #3553, merged on February 18, 2026.
Background
Issue #3551 reported that tpm2_safe_read_from_stdin silently truncates file paths at the first whitespace character due to the use of sscanf(buf, "%s", read_data). This affects all FAPI tools that use tss2_template.c to read paths from stdin.
PR #3553 fixed this properly by replacing sscanf with fgets + strcspn, which:
- Reads the full line including embedded spaces
- Removes all
malloc/free calls, eliminating associated memory management risk (including a pre-existing missing null-check after malloc)
- Results in a significantly simpler and safer implementation
The Regression
PR #3548 had previously been submitted as an AI-assisted (Copilot Autofix) response to a CodeQL "Unbounded write" alert. It addressed the buffer overflow concern by adding a width specifier to the sscanf format string, but it did not fix the whitespace truncation behavior — Issue #3551 would remain broken under that approach. PR #3548 was correctly closed on March 4, 2026, with the comment "Handled in other PR" (referring to PR #3553).
However, on the same day (March 4, 2026), PR #3565 was opened and merged by the maintainers. PR #3565 carries completely the same logic from PR #3548. If this patch modifies tpm2_safe_read_from_stdin to reintroduce sscanf-based reading, it re-breaks whitespace handling and reverts the fix from PR #3553.
Impact
Any file path containing spaces passed via stdin to FAPI tools (e.g., tss2_template.c callers) would again be silently truncated, reintroducing the bug from Issue #3551.
References
Summary
PR #3565, merged on March 4, 2026, appears to have reintroduced a regression in
tpm2_safe_read_from_stdinthat was already fixed by PR #3553, merged on February 18, 2026.Background
Issue #3551 reported that
tpm2_safe_read_from_stdinsilently truncates file paths at the first whitespace character due to the use ofsscanf(buf, "%s", read_data). This affects all FAPI tools that usetss2_template.cto read paths from stdin.PR #3553 fixed this properly by replacing
sscanfwithfgets+strcspn, which:malloc/freecalls, eliminating associated memory management risk (including a pre-existing missing null-check aftermalloc)The Regression
PR #3548 had previously been submitted as an AI-assisted (Copilot Autofix) response to a CodeQL "Unbounded write" alert. It addressed the buffer overflow concern by adding a width specifier to the
sscanfformat string, but it did not fix the whitespace truncation behavior — Issue #3551 would remain broken under that approach. PR #3548 was correctly closed on March 4, 2026, with the comment "Handled in other PR" (referring to PR #3553).However, on the same day (March 4, 2026), PR #3565 was opened and merged by the maintainers. PR #3565 carries completely the same logic from PR #3548. If this patch modifies
tpm2_safe_read_from_stdinto reintroducesscanf-based reading, it re-breaks whitespace handling and reverts the fix from PR #3553.Impact
Any file path containing spaces passed via stdin to FAPI tools (e.g.,
tss2_template.ccallers) would again be silently truncated, reintroducing the bug from Issue #3551.References
fgets+strcspn(merged Feb 18, 2026)sscanf-width approach (closed Mar 4, 2026)