[PATCH imake] Replace fprintf with fputs

Alan Coopersmith alan.coopersmith at oracle.com
Sat Aug 17 10:23:30 PDT 2013


On 08/17/13 08:55 AM, Ángel González wrote:
> On 17/08/13 14:17, Julien Cristau wrote:
>> Fixes build failure with -Werror=format-security:
>> imake.c:1008:5: error: format not a string literal and no format arguments
>> [-Werror=format-security]
>>       fprintf (inFile, command);
>>       ^
>>
>> Signed-off-by: Julien Cristau <jcristau at debian.org>
>
> Interesting. This would usually be a typical security issue.
> (‘security’ as it would allow a malformed file to crash imake or maybe even code
> execution). But the fact that the file is the output of a file where the only
> variation is in integer numbers and whose source code is hardcoded into imake...
> it is just peculiar.

Right - if the input was coming from an untrusted source, we'd have something to
worry about, but as it's coming from a source completely under Imake's control,
there is no security vulnerability here, just making the code more robust &
efficient by not having to parse the string, and clearing a warning about the
format string so it's easier to find the real issues in our code base.

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc
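
The difference between the two calls discussed in this message, as an added example that is not part of the original post or of the imake source. The helper names and the sample string are constructed for illustration; the sample contains only `%%`, so both calls are well defined, yet only fputs reproduces the bytes unchanged.

```c
#include <stdio.h>
#include <string.h>

/* Before: the data doubles as the format string, so fprintf scans it for
 * conversion specifications. This is the call shape -Wformat-security
 * flags; the pragmas silence the warning for this one demonstration. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int emit_as_format(FILE *out, const char *text)
{
    return fprintf(out, text);
}
#pragma GCC diagnostic pop

/* After: fputs copies the bytes verbatim and never interprets them. */
static int emit_verbatim(FILE *out, const char *text)
{
    return fputs(text, out);
}

/* Write text to a temporary file with the chosen emitter and read it
 * back into buf. Returns the number of bytes read, or -1 on error. */
static int round_trip(int (*emit)(FILE *, const char *), const char *text,
                      char *buf, size_t buflen)
{
    FILE *f;
    size_t n;

    if (buflen == 0 || (f = tmpfile()) == NULL)
        return -1;
    if (emit(f, text) < 0) {
        fclose(f);
        return -1;
    }
    rewind(f);
    n = fread(buf, 1, buflen - 1, f);
    buf[n] = '\0';
    fclose(f);
    return (int)n;
}

/* Constructed sample: "%%" is the only conversion specification present. */
static const char SAMPLE[] = "rate = 100%%\n";

int main(void)
{
    char a[64], b[64];
    round_trip(emit_as_format, SAMPLE, a, sizeof a);
    round_trip(emit_verbatim, SAMPLE, b, sizeof b);
    printf("fprintf(f, s): %sfputs(s, f):   %s", a, b);
    return strcmp(b, SAMPLE) != 0;
}
```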

