From: Akihiko Odaki <akihiko.odaki@xxxxxxxxxx>
g_markup_printf_escaped() is a safer alternative to simple printf() as it automatically escapes values.
Signed-off-by: Akihiko Odaki <akihiko.odaki@xxxxxxxxxx>
Message-Id: <20230912224107.29669-9-akihiko.odaki@xxxxxxxxxx>
Signed-off-by: Alex Bennée <alex.bennee@xxxxxxxxxx>
---
 gdbstub/gdbstub.c | 36 +++++++++++++++++++++---------------
 1 file changed, 21 insertions(+), 15 deletions(-)
diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index 9db4af41c1..a4f2bf3723 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
@@ -373,28 +373,34 @@ static const char *get_feature_xml(const char *p, const char **newp,
 if (strncmp(p, "target.xml", len) == 0) {
 if (!process->target_xml) {
 GDBRegisterState *r;
- GString *xml = g_string_new("<?xml version=\"1.0\"?>");
+ g_autoptr(GPtrArray) xml = g_ptr_array_new_with_free_func(g_free);
- g_string_append(xml,
- "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
- "<target>");
+ g_ptr_array_add(
+ xml,
+ g_strdup("<?xml version=\"1.0\"?>"
+ "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
+ "<target>"));
 if (cc->gdb_arch_name) {
- g_string_append_printf(xml,
- "<architecture>%s</architecture>",
- cc->gdb_arch_name(cpu));
+ g_ptr_array_add(
+ xml,
+ g_markup_printf_escaped("<architecture>%s</architecture>",
+ cc->gdb_arch_name(cpu)));
 }
- g_string_append(xml, "<xi:include href=\"");
- g_string_append(xml, cc->gdb_core_xml_file);
- g_string_append(xml, "\"/>");
+ g_ptr_array_add(
+ xml,
+ g_markup_printf_escaped("<xi:include href=\"%s\"/>",
+ cc->gdb_core_xml_file));
 for (r = cpu->gdb_regs; r; r = r->next) {
- g_string_append(xml, "<xi:include href=\"");
- g_string_append(xml, r->xml);
- g_string_append(xml, "\"/>");
+ g_ptr_array_add(
+ xml,
+ g_markup_printf_escaped("<xi:include href=\"%s\"/>",
+ r->xml));
 }
- g_string_append(xml, "</target>");
+ g_ptr_array_add(xml, g_strdup("</target>"));
+ g_ptr_array_add(xml, NULL);
- process->target_xml = g_string_free(xml, false);
+ process->target_xml = g_strjoinv(NULL, (void *)xml->pdata);
 }
 return process->target_xml;
 }
--
2.39.2
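Review bot: The `g_strjoinv(NULL, (void *)xml->pdata)` call near the end of the hunk is only safe because of the `g_ptr_array_add(xml, NULL)` just before it, and nothing in the code says so; a fragment appended after that line, or the line being dropped in a later edit, would leave g_strjoinv() reading past the end of the pointer array. I would put a comment on the terminator, `/* g_strjoinv() needs a NULL-terminated vector; this must stay the last element */`, and write the cast as `(gchar **)xml->pdata` so the intended type is visible instead of hidden behind `void *`. A short comment above the first `g_markup_printf_escaped()` call would also help the next editor keep the property the commit is after: `/* values land in element text or an attribute value; never append them unescaped */`. get_feature_xml() starts before and continues after this hunk, so where `cc->gdb_core_xml_file` and `r->xml` come from, and whether they can be NULL here, is not visible.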