Re: [Mesa-dev] [PATCH mesa-demos 1/6] es1_info: convert indentString into a literal string

2011-01-07 Thread Brian Paul

Thanks, I've applied the patch series.

-Brian

On 01/06/2011 09:09 AM, Paulo Zanoni wrote:

This fixes compilation with -Wformat -Werror=format-security. Some
distros like Mandriva enable this flag by default. Its purpose is to
improve security.

Another option for this patch would be to do
printf("%s", indentString), but converting indentString into a literal
also gives the compiler some hints to improve performance.

Signed-off-by: Paulo Zanoni pzan...@mandriva.com
---

By the way, combining this patch with a printf("%s", indentString) would
make the code even safer. The last patch of this series does this change, so
you can choose to apply it or not.

Using printf(string); is dangerous, might lead to bugs and even
security issues. If the string being printed contains the % character
one can do really dangerous things. Even if you think the string in
question might not be dangerous, future code changes might lead that
piece of code to bugs or security holes.

Some references:
http://wiki.mandriva.com/en/Development/Packaging/Problems#format_not_a_string_literal_and_no_format_arguments
http://wiki.debian.org/Hardening#DEBBUILDHARDENINGFORMAT.28gcc.2BAC8-g.2B-.2B--Wformat-Wformat-security.29
http://en.wikipedia.org/wiki/Format_string_attack

See also How To Write Shared Libraries Section 2.4.1, written by Ulrich
Drepper for more information on the difference between 'char *foo = "bar"'
and 'char foo[] = "bar"'


  src/egl/opengles1/es1_info.c |2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/egl/opengles1/es1_info.c b/src/egl/opengles1/es1_info.c
index 93816b5..38becc5 100644
--- a/src/egl/opengles1/es1_info.c
+++ b/src/egl/opengles1/es1_info.c
@@ -29,7 +29,7 @@
  static void
  print_extension_list(const char *ext)
  {
-   const char *indentString = ;
+   const char indentString[] = ;
 const int indent = 4;
 const int max = 79;
 int width, i, j;
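
Review bot: The `+` line changes only the declaration of indentString, so the call that hands it to printf as the format, which is outside this hunk's context, still has no literal format string. The commit message says the last patch of the series switches that call to printf("%s", indentString) and describes it as optional; I would fold that change into this patch or treat it as required, so that the fix does not depend on the compiler seeing through the array initializer.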


___
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev


[Mesa-dev] [PATCH mesa-demos 1/6] es1_info: convert indentString into a literal string

2011-01-06 Thread Paulo Zanoni
This fixes compilation with -Wformat -Werror=format-security. Some
distros like Mandriva enable this flag by default. Its purpose is to
improve security.

Another option for this patch would be to do
printf("%s", indentString), but converting indentString into a literal
also gives the compiler some hints to improve performance.

Signed-off-by: Paulo Zanoni pzan...@mandriva.com
---

By the way, combining this patch with a printf("%s", indentString) would
make the code even safer. The last patch of this series does this change, so
you can choose to apply it or not.

Using printf(string); is dangerous, might lead to bugs and even
security issues. If the string being printed contains the % character
one can do really dangerous things. Even if you think the string in
question might not be dangerous, future code changes might lead that
piece of code to bugs or security holes.

Some references:
http://wiki.mandriva.com/en/Development/Packaging/Problems#format_not_a_string_literal_and_no_format_arguments
http://wiki.debian.org/Hardening#DEBBUILDHARDENINGFORMAT.28gcc.2BAC8-g.2B-.2B--Wformat-Wformat-security.29
http://en.wikipedia.org/wiki/Format_string_attack

See also How To Write Shared Libraries Section 2.4.1, written by Ulrich
Drepper for more information on the difference between 'char *foo = "bar"'
and 'char foo[] = "bar"'


 src/egl/opengles1/es1_info.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/egl/opengles1/es1_info.c b/src/egl/opengles1/es1_info.c
index 93816b5..38becc5 100644
--- a/src/egl/opengles1/es1_info.c
+++ b/src/egl/opengles1/es1_info.c
@@ -29,7 +29,7 @@
 static void
 print_extension_list(const char *ext)
 {
-   const char *indentString = ;
+   const char indentString[] = ;
const int indent = 4;
const int max = 79;
int width, i, j;
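
Review bot: On the `+` line, indentString becomes a block-scope array without `static`, so it is an automatic object that the compiler may have to initialise on the stack at every call of print_extension_list. The pointer-versus-array difference the message refers to pays off for objects with static storage duration; declaring it as `static const char indentString[]` keeps a single read-only copy and matches the performance claim in the commit message.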
-- 
1.7.1
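
Added example, not part of the original patch or of mesa-demos: the difference between passing a string as the printf format and passing it as data, shown with a constructed string whose only '%' is an escaped "%%" so that both calls are well defined. The function names and the sample string are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: valid as a format ("%%" prints one '%'),
 * but it renders differently when treated as plain data. */
static const char sample[] = "    100%% literal";

/* Count '%' characters that are not part of a "%%" pair; each one
 * starts a conversion that printf would try to read an argument for. */
static int conversions_in(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;        /* escaped percent: skip the pair */
        else
            count++;    /* starts a conversion */
    }
    return count;
}

/* Pattern the message warns about: the string itself is the format.
 * The pragmas silence -Wformat-security for this demonstration only. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int render_as_format(char *out, size_t n, const char *s)
{
    return snprintf(out, n, s);
}
#pragma GCC diagnostic pop

/* Hardened form: literal format, the string is only ever data. */
static int render_as_data(char *out, size_t n, const char *s)
{
    return snprintf(out, n, "%s", s);
}

int main(void)
{
    char a[64] = "", b[64] = "";
    /* Only run the risky form on input with no real conversions. */
    if (conversions_in(sample) == 0)
        render_as_format(a, sizeof a, sample);
    render_as_data(b, sizeof b, sample);
    printf("as format: [%s]\nas data:   [%s]\nsame: %d\n", a, b, !strcmp(a, b));
    return 0;
}
```

Without the pragma, a build with -Wformat -Werror=format-security rejects render_as_format and accepts render_as_data, which is the distinction the patch series relies on.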
