A message that contains a '%' character will cause Tcl to raise an error
at the format in record_test in lib/framework.exp on line 803 as of
commit 81651abb04defb181f9c98bfcc55e077dcaea452. This is a "classic"
format string vulnerability, except that Tcl catches it and raises an error.
patch:
diff --git a/lib/framework.exp b/lib/framework.exp
index 6cb93c5..9dd0b90 100644
--- a/lib/framework.exp
+++ b/lib/framework.exp
@@ -800,7 +800,7 @@ proc record_test { type message args } {
global multipass_name
if { $multipass_name != "" } {
- set message [format "$type: %s: $message" "$multipass_name"]
+ set message [format "$type: %s: %s" "$message" "$multipass_name"]
} else {
set message "$type: $message"
}
-- Jacob
_______________________________________________
Bug-dejagnu mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/bug-dejagnu
