On Thu, Jul 17, 2008 at 02:17:53AM -0700, [EMAIL PROTECTED] wrote:
>Author: vda
>Date: 2008-07-17 02:17:51 -0700 (Thu, 17 Jul 2008)
>New Revision: 22854
>
>Log:
>printf: protect against bogus format specifiers. Hopefully closes bug 4184
>
>
>
>Modified:
> trunk/busybox/coreutils/printf.c
> trunk/busybox/testsuite/printf.tests
>
>
>Changeset:
>Modified: trunk/busybox/coreutils/printf.c
>===================================================================
>--- trunk/busybox/coreutils/printf.c 2008-07-17 08:48:13 UTC (rev 22853)
>+++ trunk/busybox/coreutils/printf.c 2008-07-17 09:17:51 UTC (rev 22854)
>@@ -251,10 +252,12 @@
> ++f;
> ++direc_length;
> }
>- /*
>- if (!strchr ("diouxXfeEgGcs", *f))
>- fprintf(stderr, "%%%c: invalid directive", *f);
>- */
>+ /* needed - try "printf %" without it */
>+ if (!strchr("diouxXfeEgGcs", *f)) {
>+ bb_error_msg("invalid directive '%s'",
>direc_start);
not sure if that will work out ok.
missing 'z' (for size_t)?
and what about glibc's register_printf_function()?
_______________________________________________
busybox mailing list
busybox@busybox.net
http://busybox.net/cgi-bin/mailman/listinfo/busybox
