[libvirt] [PATCH] maint: don't permit format strings without %

Eric Blake eblake at redhat.com
Thu Jul 26 20:58:02 UTC 2012


On 07/24/2012 02:00 AM, Daniel P. Berrange wrote:
> On Mon, Jul 23, 2012 at 02:37:42PM -0600, Eric Blake wrote:
>> Any time we have a string with no % passed through gettext, a
>> translator can inject a % to cause a stack overread.  When there
>> is nothing to format, it's easier to ask for a string that cannot
>> be used as a formatter, by using a trivial "%s" format instead.
>>
>> In the past, we have used --disable-nls to catch some of the
>> offenders, but that doesn't get run very often, and many more
>> uses have crept in.  Syntax check to the rescue!
> 
> Also with current GCC, even using '--disable-nls' doesn't produce
> any errors in this regard, hence why we have so many problems.
> 

> 
> ACK

Thanks; pushed.

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120726/b619c764/attachment-0001.sig>


More information about the libvir-list mailing list