John Ralls <[email protected]> writes:
>>> - PWARN(str.str().c_str());
>>> + PWARN("%s", str.str().c_str());
>>> What's the difference here?
>>>
>>>
>>
>> I mean, I see that if the string is, for instance, "%s", nothing is output.
>> But did this come up, or did you catch it visually while looking through
>> the code.
>
> master's nightly failed. I thought I'd tested it before committing,
> but when I tried again this morning it failed.
>
> The issue is that gcc will happily a single-argument invocation of
> PWARN(format, ...) but g++ --at least the version in MinGW--won't.
Even worse, the original code could cause the app to crash if the
provided string has some printf codes in it; causing printf to read into
invalid memory.
This is the correct fix both programatically as well as from a security
point of view. You should never pass a (user-supplied) variable into
the "format" input of a *printf function.
Thanks for fixing this, John.
> Regards,
> John Ralls
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[email protected] PGP key available
_______________________________________________
gnucash-devel mailing list
[email protected]
https://lists.gnucash.org/mailman/listinfo/gnucash-devel
