On Mon, Oct 11, 2010 at 1:20 AM, Eric Sunshine <ericsunshine@xxxxxxxxx> wrote:
> On 10/10/2010 6:16 PM, Erik Faye-Lund wrote:
>>
>> On Sun, Oct 10, 2010 at 11:28 PM, Eric Sunshine<ericsunshine@xxxxxxxxx>
>> wrote:
>>> (On the other hand, for the '%s' check above, the code does report a
>>> warning
>>> and then exits, so it is not inconceivable that a '%n' could also emit a
>>> warning.)
>>
>> I guess I could add something like this:
>>
>> if (strstr(arg, "%1"))
>> warning("arg contains %1, message might be corrupted");
>>
>> I don't want to return in that case, because I think some output is
>> better than no output, and it seems to work on Vista.
>
> Rather than emitting a warning, it might be reasonable to perform a simple
> transformation on the string if it contains a %1 (or %n generally) in order
> to avoid ReportEvent()'s shortcoming. Even something as simple as inserting
> a space between '%' and '1' might be sufficiently defensive.
>
Yes, but I'm tempted to defer fixing this until we see that it's a
problem in reality. The logic to somehow escape such sequences looks a
bit nasty in my head. But perhaps strbuf_expand() is the right hammer
for this use...
Then the logical next question becomes what we should expand it to.
Does "%1" -> "% 1" make sense for IPv6 addresses?
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html