gnucash master: Fix wrong PWARN calling signature.
Derek Atkins
warlord at MIT.EDU
Thu Jul 14 10:04:21 EDT 2016
John Ralls <jralls at ceridwen.us> writes:
>>> - PWARN(str.str().c_str());
>>> + PWARN("%s", str.str().c_str());
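Review bot: on the removed line, str.str().c_str() sits in PWARN's format position, so any '%' in the built string is parsed as a conversion rather than printed. The added "%s" form is the right shape. Any other PWARN call that passes a built string as its only argument needs the same change.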
>>> What's the difference here?
>>>
>>>
>>
>> I mean, I see that if the string is, for instance, "%s", nothing is output.
>> But did this come up, or did you catch it visually while looking through
>> the code?
>
> master's nightly failed. I thought I'd tested it before committing,
> but when I tried again this morning it failed.
>
> The issue is that gcc will happily accept a single-argument invocation of
> PWARN(format, ...) but g++ -- at least the version in MinGW -- won't.
Even worse, the original code could cause the app to crash if the
provided string has some printf codes in it, causing printf to read into
invalid memory.
This is the correct fix both programmatically as well as from a security
point of view. You should never pass a (user-supplied) variable into
the "format" input of a *printf function.
Thanks for fixing this, John.
> Regards,
> John Ralls
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
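
The two call shapes discussed in this thread, as an added example that is not part of the original messages or of GnuCash's code. `warn_to_buf`, `log_as_format`, `log_as_data` and `format_hazards` are hypothetical names, and the sample message is constructed so that the old call shape stays within defined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a PWARN(format, ...) logger; writes to a buffer. */
static void warn_to_buf(char *out, size_t n, const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    vsnprintf(out, n, format, ap);
    va_end(ap);
}

/* Removed call shape: message used as the format (run only on "%%" input). */
static const char *log_as_format(const char *msg)
{
    static char buf[128];
    warn_to_buf(buf, sizeof buf, msg);
    return buf;
}

/* Added call shape: fixed "%s" format, message passed as data. */
static const char *log_as_data(const char *msg)
{
    static char buf[128];
    warn_to_buf(buf, sizeof buf, "%s", msg);
    return buf;
}

/* Counts '%' sequences other than "%%": each makes a printf-family function
 * fetch an argument that the single-argument call never supplied. */
static int format_hazards(const char *msg)
{
    int count = 0;
    for (; *msg; msg++) {
        if (*msg == '%' && msg[1] == '%')
            msg++;              /* literal percent: skip both characters */
        else if (*msg == '%')
            count++;
    }
    return count;
}

int main(void)
{
    const char *msg = "Fee is 5%% of balance";   /* constructed sample */
    printf("as format: %s\nas data:   %s\nhazards in \"%%d items\": %d\n",
           log_as_format(msg), log_as_data(msg), format_hazards("%d items"));
    return 0;
}
```

Even with this harmless input the old shape changes the logged text, while the "%s" shape records the message byte for byte.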