Ben Elliston wrote:
On Sat, Oct 27, 2018 at 11:48:08PM -0500, Jacob Bachmeyer wrote:
A message that contains a '%' character will cause Tcl to raise an
error at the format in record_test in lib/framework.exp on line 803
as of commit 81651abb04defb181f9c98bfcc55e077dcaea452. This is a
"classic" format string vulnerability, except that Tcl catches it
and raises an error.
That bug goes all the way back to 2001, when lib/framework.exp was first
checked in to whatever became the current Git repository, so documenting
a way to detect the bugfix might be helpful -- a testsuite can work
around the bug by doubling any '%' characters, but after the bug is
fixed, that will result in "%%" in the output.
Perhaps [regexp {%s: \$message} [info body record_test]] would return
true iff running under an affected framework version? Or should
testsuites simply require the bug be fixed? Should that test still be
done in order to produce a clear error message if using an affected
DejaGnu version?
On a related note, I note that the DejaGnu testsuite does not test the
multipass feature, nor does the feature seem to be properly documented.
Where would be the best place to insert something in the manual
describing MULTIPASS? (And where are the DocBook sources in Git, or is
Texinfo the master format now? If the latter, README and possibly more
should be updated.)
How best to test MULTIPASS? (A simple regression test would have
instantly caught my previous mistake.) What are the specifications for
MULTIPASS?
-- Jacob
_______________________________________________
Bug-dejagnu mailing list
Bug-dejagnu@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-dejagnu