[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] maint: don't permit format strings without %



On 07/24/2012 02:00 AM, Daniel P. Berrange wrote:
> On Mon, Jul 23, 2012 at 02:37:42PM -0600, Eric Blake wrote:
>> Any time we have a string with no % passed through gettext, a
>> translator can inject a % to cause a stack overread.  When there
>> is nothing to format, it's easier to ask for a string that cannot
>> be used as a formatter, by using a trivial "%s" format instead.
>>
>> In the past, we have used --disable-nls to catch some of the
>> offenders, but that doesn't get run very often, and many more
>> uses have crept in.  Syntax check to the rescue!
> 
> Also with current GCC, even using '--disable-nls' doesn't produce
> any errors in this regard, hence why we have so many problems.
> 

> 
> ACK

Thanks; pushed.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]