[Libvir] PATCH: Avoid format string abuse (also avoids gcc warnings).

Jim Meyering jim at meyering.net
Tue Nov 6 19:31:06 UTC 2007


This patch was prompted by warnings like this:

  util.c:56: warning: format not a string literal and no format arguments

and they're legitimate.

Imagine a format string containing "%%..." goes through the vsnprintf
call, which reduces it to "%...".  If the result string is then passed
to __virRaiseError as the format string, then *boom*.
Instead, use "%s" as the format, with the non-literal as
the matching argument.  Patch below.

I searched the sources for %% and *did* find one potential problem:

    $ git-grep -B1 %% > k
    po/ms.po-msgid "too many drivers registered in %s"
    po/ms.po:msgstr "terlalu banyak spesifikasi penukaran %% pada suffiks"
    --
    src/xend_internal.c-            case '\n':
    src/xend_internal.c:                snprintf(ptr, 4, "%%%02x", string[i]);

since "% p" does happen to be a valid format string!
So if someone using Malaysian messages provoked that particular
diagnostic in a code path that takes it through __virRaiseError,
bad things might happen.  Big "if", of course :-)  I didn't try.

2007-11-06  Jim Meyering  <meyering at redhat.com>

	Avoid risk of format string abuse (also avoids gcc warnings).
	* src/util.c (ReportError): Use a literal "%s" format string.
	* src/remote_internal.c (server_error): Likewise.
	* src/qemu_conf.c (qemudReportError): Likewise.
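
The double expansion described in the message, as an added example that is not part of the original post or of libvirt's code: a first vsnprintf pass turns "%%" into a live "%", and the fix passes the result as data under a literal "%s". The functions raise_error, format_message, live_directives and report_error_fixed, and the sample message, are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_error[256];   /* what the final sink produced */

/* Hypothetical stand-in for a printf-style sink such as __virRaiseError. */
static void raise_error(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_error, sizeof last_error, fmt, ap);
    va_end(ap);
}

/* First pass: expand the caller's format into buf, as a ReportError wrapper does. */
static void format_message(char *buf, size_t len, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, len, fmt, ap);
    va_end(ap);
}

/* Count the directives a second printf-style pass would try to consume. */
static int live_directives(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;   /* "%%" is a literal '%' */
        else n++;               /* anything else starts a directive */
    }
    return n;
}

/* Fixed wrapper: the expanded text is an argument to a literal "%s".
 * The pre-patch shape was raise_error(text), with text as the format. */
static const char *report_error_fixed(const char *text) {
    raise_error("%s", text);
    return last_error;
}

int main(void) {
    char buf[256];
    /* Constructed sample: "%%" followed by " o" becomes "% o" after pass one,
     * a valid directive (space flag, octal conversion) with no argument. */
    format_message(buf, sizeof buf, "pool %s is 100%% occupied", "vda");
    printf("first pass: \"%s\", live directives: %d\nsink: \"%s\"\n",
           buf, live_directives(buf), report_error_fixed(buf));
    return 0;
}
```
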


