[libvirt] [PATCH] maint: don't permit format strings without %
Eric Blake
eblake at redhat.com
Thu Jul 26 20:58:02 UTC 2012
On 07/24/2012 02:00 AM, Daniel P. Berrange wrote:
> On Mon, Jul 23, 2012 at 02:37:42PM -0600, Eric Blake wrote:
>> Any time we have a string with no % passed through gettext, a
>> translator can inject a % to cause a stack overread. When there
>> is nothing to format, it's easier to ask for a string that cannot
>> be used as a formatter, by using a trivial "%s" format instead.
>>
>> In the past, we have used --disable-nls to catch some of the
>> offenders, but that doesn't get run very often, and many more
>> uses have crept in. Syntax check to the rescue!
>
> Also with current GCC, even using '--disable-nls' doesn't produce
> any errors in this regard, hence why we have so many problems.
>
>
> ACK
Thanks; pushed.
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120726/b619c764/attachment-0001.sig>
More information about the libvir-list
mailing list