This patch was prompted by warnings like this:
util.c:56: warning: format not a string literal and no format arguments
and they're legitimate.
Imagine a format string contains "%%..." goes through the vnsprintf
call, which reduces it to "%...". If the result string is then passed
to __virRaiseError as the format string, then *boom*.
Instead, use "%s" as the format, with the non-literal as
the matching argument. Patch below.
I searched the sources for %% and *did* find one potential problem:
$ git-grep -B1 %% > k
po/ms.po-msgid "too many drivers registered in %s"
po/ms.po:msgstr "terlalu banyak spesifikasi penukaran %% pada suffiks"
--
src/xend_internal.c- case '\n':
src/xend_internal.c: snprintf(ptr, 4, "%%%02x", string[i]);
since "% p" does happen to be a valid format string!
So if someone using Malaysian messages provoked that particular
diagnostic in a code path that takes it through __virRaiseError,
bad things might happen. Big "if", of course :-) I didn't try.
2007-11-06 Jim Meyering <meyering@xxxxxxxxxx>
Avoid risk of format string abuse (also avoids gcc warnings).
* src/util.c (ReportError): Use a literal "%s" format string.
* src/remote_internal.c (server_error): Likewise.
* src/qemu_conf.c (qemudReportError): Likewise.
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list