[PATCH 0/4] os/log: fixes for timestamps and malicious devices
Julien Cristau
jcristau at debian.org
Mon May 28 04:10:16 PDT 2012
On Wed, Apr 18, 2012 at 17:51:49 +0800, Daniel Kurtz wrote:
> Input drivers like to prepend the device name to logging messages using
> LogVHdrMessageVerb(). The current implementation of this function used the
> output of a snprintf() as the format string of another snprintf(). This is a
> big no-no, as a device name containing format strings could cause "Bad Things"
> to happen.
>
As far as I can tell this was introduced by
8764782f6de56a9dc5e9d5a8e9fb616a8ddb2f7c (and
40d5a019352fa8f12230c863e11cbb1f6258a93e) in 1.10, and earlier versions
aren't affected by this particular issue with input device names. Can
you confirm?
Thanks,
Julien
More information about the xorg-devel
mailing list