+++ Olly Betts [2013-10-09 21:17 +0100]:
> On Wed, Oct 09, 2013 at 06:24:54PM +0100, Wookey wrote:
[hardening flags build issue]
> 
> The problem is that the string being printed could contain %-formatting
> codes, and if an attacker can control that string, they can potentially
> overwrite memory (via %n).  So you want to write the string out as a
> literal string by giving a format string of "%s":
> 
>   
> fprintf(out->file,"%s",utf2tex(out->layout->units.format_human_length(this->xsize)));

OK, cheers. Therion 5.3.11-2 with the hardening flags enabled, just
uploaded.

Wookey
-- 
Principal hats:  Linaro, Emdebian, Wookware, Balloonboard, ARM
http://wookware.org/

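The two forms of the fprintf call that Olly contrasts above, reduced to a
stand-alone C program so the difference is visible. This is an added
example, not Therion's code: the function names (print_unsafe, print_safe,
count_via_percent_n, count_directives), the buffer-based snprintf in place
of fprintf to a file, and the sample input string are all assumptions made
for the illustration. The "100%%" input is constructed to show the
behaviour without invoking undefined behaviour; the %n demonstration
supplies its own pointer argument, whereas in the vulnerable call that
argument would be whatever happens to lie on the stack.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not Therion code). `user` stands in for the output of
 * utf2tex(...) in the thread: a string an attacker may be able to control. */

/* Vulnerable form: the user string IS the format string, so any '%' in it
 * is parsed as a conversion directive. The pragmas only silence the
 * compiler warning that -Wformat-security would (rightly) raise here. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int print_unsafe(char *dst, size_t n, const char *user)
{
    return snprintf(dst, n, user);
}
#pragma GCC diagnostic pop

/* Hardened form from the thread: a constant "%s" format, and the user
 * string is an argument that is copied verbatim, '%' signs included. */
int print_safe(char *dst, size_t n, const char *user)
{
    return snprintf(dst, n, "%s", user);
}

/* What %n does: it stores the number of characters emitted so far through
 * the matching pointer argument. Here we supply that pointer ourselves
 * (a literal, read-only format, so this is well-defined); in the
 * vulnerable call the "argument" is taken from the stack, which is the
 * memory-write primitive the thread refers to. */
int count_via_percent_n(void)
{
    int written = -1;
    char buf[16];
    snprintf(buf, sizeof buf, "AAAA%n", &written);
    return written;
}

/* Audit helper (assumed, not from the thread): count the conversion
 * directives an untrusted string would trigger if it reached a format
 * parameter. A literal "%%" is an escaped percent sign, not a directive. */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* "%%" -> literal '%' */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed input: a length string carrying a percent sign. */
    const char *user = "12.5 m (100%% of target)";
    char a[64], b[64];

    print_unsafe(a, sizeof a, user);   /* "%%" collapses to "%" */
    print_safe(b, sizeof b, user);     /* copied verbatim */
    printf("unsafe: %s\n", a);
    printf("safe:   %s\n", b);
    printf("%%n stored %d\n", count_via_percent_n());
    printf("directives in input: %d\n", count_directives(user));
    return 0;
}
```

With the unsafe form the output silently changes ("100%" instead of
"100%%"), which is the harmless end of the spectrum; a "%s" or "%x" in the
same position would read stack contents, and "%n" would write to them.
The "%s" format makes the user string inert regardless of content.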