https://bugzilla.redhat.com/show_bug.cgi?id=528000

--- Comment #3 from Patrick Monnerat <pm@xxxxxxxxxxxxx> 2009-10-08 13:38:42 EDT ---

Here are some details.

The lines causing the trouble are:

    $format and $exifTool->Warn(
        sprintf("Unknown format ($format) for $dirName tag 0x%x",$tagID));

So $format and/or $dirName are tainted. I'm not a Perl guy, so I can hardly
backtrack these variables' sources (it even comes from out of the module), but
I think the faulty statement can be rewritten as:

    $format and $exifTool->Warn(
        sprintf("Unknown format (%d) for %s tag 0x%x",$format,$dirName,$tagID));

in a more secure way that does not cause the taint problem, but at the expense
of poorer readability, I agree.

From what I can see by examining Exif.pm, some other sprintf statements might
be subject to similar problems (i.e.: lines 2918, 2941, 2972, ...).

I apologize for not being able to reproduce, but the line is reached when there
is an unknown format in an Exif directory of a picture that I do not have
anymore (rejected by SpamAssassin!)

Whether the current bug is related to bug 510127 or not is out of my Perl
understanding... and since I do not know how to reproduce, I cannot even test
it on rawhide :-(

Sorry and thanks for the proposal.
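
The two sprintf styles discussed in the comment above, side by side under taint mode. This is an added example, not code from ExifTool or from the bug report; it assumes the failure is Perl's taint check on a sprintf format string, and the sub names and sample values are constructed for illustration. Run it as `perl -T script.pl`.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run as: perl -T <this script>\n" unless ${^TAINT};

# Constructed stand-ins for values parsed from an image file. Appending a
# zero-length slice of $0/$^X (both tainted under -T) marks them as tainted.
my $taint   = substr("$0$^X", 0, 0);
my $format  = '99'   . $taint;
my $dirName = 'IFD0' . $taint;
my $tagID   = 0x9999;

# Original style: parsed values are interpolated into the format string,
# so the format itself carries the taint.
sub msg_interpolated {
    my ($format, $dirName, $tagID) = @_;
    return sprintf("Unknown format ($format) for $dirName tag 0x%x", $tagID);
}

# Rewritten style from the comment: constant format, values as arguments.
sub msg_arguments {
    my ($format, $dirName, $tagID) = @_;
    return sprintf("Unknown format (%d) for %s tag 0x%x",
                   $format, $dirName, $tagID);
}

# Call both variants and report whether each one survives the taint check.
for my $case ([interpolated => \&msg_interpolated],
              [arguments    => \&msg_arguments]) {
    my ($name, $code) = @$case;
    my $msg = eval { $code->($format, $dirName, $tagID) };
    if (defined $msg) {
        printf "%-12s ok: %s (result tainted: %s)\n",
               $name, $msg, tainted($msg) ? 'yes' : 'no';
    } else {
        printf "%-12s died: %s", $name, $@;
    }
}
```

The constant-format variant also keeps a `%` inside parsed data from being read as a conversion specifier. Its result is still tainted, so it has to be validated before it reaches anything the taint checks guard.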