This patch was prompted by warnings like this:

  util.c:56: warning: format not a string literal and no format arguments

and they're legitimate.

Imagine a format string containing "%%..." goes through the vnsprintf
call, which reduces it to "%...".  If the resulting string is then passed
to __virRaiseError as the format string, then *boom*.
Instead, use "%s" as the format, with the non-literal as
the matching argument.  Patch below.

I searched the sources for %% and *did* find one potential problem:

    $ git-grep -B1 %% > k
    po/ms.po-msgid "too many drivers registered in %s"
    po/ms.po:msgstr "terlalu banyak spesifikasi penukaran %% pada suffiks"
    --
    src/xend_internal.c-            case '\n':
    src/xend_internal.c:                snprintf(ptr, 4, "%%%02x", string[i]);

since "% p" does happen to be a valid format string!
So if someone using Malaysian messages provoked that particular
diagnostic in a code path that takes it through __virRaiseError,
bad things might happen.  Big "if", of course :-)  I didn't try.

2007-11-06  Jim Meyering  <[EMAIL PROTECTED]>

        Avoid risk of format string abuse (also avoids gcc warnings).
        * src/util.c (ReportError): Use a literal "%s" format string.
        * src/remote_internal.c (server_error): Likewise.
        * src/qemu_conf.c (qemudReportError): Likewise.
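
The double-expansion problem and the "%s" fix described in the message above, as an added example that is not code from the patch or from libvirt. `raise_error`, `report_error` and `live_directives` are hypothetical stand-ins (the first for a printf-style sink such as __virRaiseError), and the input is the msgstr quoted in the message, used here as a constructed format string.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_error[256];   /* what the sink finally recorded */

/* Hypothetical stand-in for a printf-style sink such as __virRaiseError. */
static void raise_error(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_error, sizeof last_error, fmt, ap);
    va_end(ap);
}

/* Count directives a printf-style function would still act on in s:
 * every '%' that is not half of a "%%" pair. */
static int live_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* "%%" is an escaped literal percent */
        else
            n++;            /* e.g. the "% p" the message points out */
    }
    return n;
}

/* Safe wrapper: expand the caller's format once, then hand the result to
 * the sink as DATA behind a literal "%s", never as a second format. */
static int report_error(const char *fmt, ...)
{
    char msg[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    raise_error("%s", msg);        /* not raise_error(msg) */
    return live_directives(msg);   /* directives a 2nd pass would have run */
}

int main(void)
{
    /* Constructed input: the msgstr quoted in the message above. */
    int n = report_error("terlalu banyak spesifikasi penukaran %% pada suffiks");
    printf("recorded: \"%s\" (%d live directive(s) kept inert)\n", last_error, n);
    return 0;
}
```

A non-zero return from `report_error` means the expanded message still contained a live directive, which is exactly the case where passing it as the format would have read arguments that were never supplied.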
