gnucash master: Fix wrong PWARN calling signature.

Derek Atkins warlord at MIT.EDU
Thu Jul 14 10:04:21 EDT 2016

John Ralls <jralls at> writes:

>>> - PWARN(str.str().c_str());
>>> + PWARN("%s", str.str().c_str());
>>> What's the difference here?
>> I mean, I see that if the string is, for instance, "%s", nothing is output.
>> But did this come up, or did you catch it visually while looking through
>> the code.
> master's nightly failed. I thought I'd tested it before committing,
> but when I tried again this morning it failed.
> The issue is that gcc will happily a single-argument invocation of
> PWARN(format, ...) but g++ --at least the version in MinGW--won't.

Even worse, the original code could cause the app to crash if the
provided string has some printf codes in it; causing printf to read into
invalid memory.

This is the correct fix both programatically as well as from a security
point of view.  You should never pass a (user-supplied) variable into
the "format" input of a *printf function.

Thanks for fixing this, John.

> Regards,
> John Ralls

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the gnucash-devel mailing list