1--TEST-- 2Bug #38322 (reading past array in sscanf() leads to segfault/arbitrary code execution) 3--FILE-- 4<?php 5 6$str = "a b c d e"; 7var_dump(sscanf("a ",'%1$s',$str)); 8 9echo "Done\n"; 10?> 11--EXPECTF-- 12int(1) 13Done 14