On Thu, Jul 17, 2008 at 02:17:53AM -0700, [EMAIL PROTECTED] wrote: >Author: vda >Date: 2008-07-17 02:17:51 -0700 (Thu, 17 Jul 2008) >New Revision: 22854 > >Log: >printf: protect against bogus format specifiers. Hopefully closes bug 4184 > > > >Modified: > trunk/busybox/coreutils/printf.c > trunk/busybox/testsuite/printf.tests > > >Changeset: >Modified: trunk/busybox/coreutils/printf.c >=================================================================== >--- trunk/busybox/coreutils/printf.c 2008-07-17 08:48:13 UTC (rev 22853) >+++ trunk/busybox/coreutils/printf.c 2008-07-17 09:17:51 UTC (rev 22854) >@@ -251,10 +252,12 @@ > ++f; > ++direc_length; > } >- /* >- if (!strchr ("diouxXfeEgGcs", *f)) >- fprintf(stderr, "%%%c: invalid directive", *f); >- */ >+ /* needed - try "printf %" without it */ >+ if (!strchr("diouxXfeEgGcs", *f)) { >+ bb_error_msg("invalid directive '%s'", >direc_start);
not sure if that will work out ok. missing 'z' (for size_t)? and what about glibc's register_printf_function()? _______________________________________________ busybox mailing list busybox@busybox.net http://busybox.net/cgi-bin/mailman/listinfo/busybox