Bug #60948 [Asn->Csd]: mysqlnd FTBFS when -Wformat-security is enabled

Mon, 05 Mar 2012 15:57:51 -0800 

Edit report at https://bugs.php.net/bug.php?id=60948&edit=1

 ID:                 60948
 Updated by:         johan...@php.net
 Reported by:        ond...@php.net
 Summary:            mysqlnd FTBFS when -Wformat-security is enabled
-Status:             Assigned
+Status:             Closed
 Type:               Bug
 Package:            MySQL related
 Operating System:   Any
 PHP Version:        5.4.0RC6
 Assigned To:        mysql
 Block user comment: N
 Private report:     N

 New Comment:

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.




Previous Comments:
------------------------------------------------------------------------
[2012-03-05 23:55:04] johan...@php.net

Automatic comment from SVN on behalf of johannes
Revision: http://svn.php.net/viewvc/?view=revision&revision=323929
Log: Fix bug #60948 mysqlnd FTBFS when -Wformat-security is enabled

# 5.3 not affected

------------------------------------------------------------------------
[2012-02-01 13:37:24] johan...@php.net

As a remark: The patch is not strictly needed - the msg is a const char* 
without any risk of injecting anything ... therefore not critical.

------------------------------------------------------------------------
[2012-02-01 13:34:47] johan...@php.net

Patch looks good, checking with RM before committing.

------------------------------------------------------------------------
[2012-02-01 13:10:40] ond...@php.net

Description:
------------
$ svn diff
Index: ext/mysqlnd/mysqlnd_wireprotocol.c
===================================================================
--- ext/mysqlnd/mysqlnd_wireprotocol.c  (revision 322993)
+++ ext/mysqlnd/mysqlnd_wireprotocol.c  (working copy)
@@ -500,7 +500,7 @@
                        const char * const msg = "Authentication data too long. 
"
                                "Won't fit into the buffer and will be 
truncated. Authentication will thus fail";
                        SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, 
UNKNOWN_SQLSTATE, msg);
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", msg);
                        DBG_RETURN(0);
                }               
                




------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60948&edit=1

Reply via email to