Hi,

On 18 April 2012 10:51, Daniel Kurtz <[email protected]> wrote:
> Input drivers like to prepend the device name to logging messages using
> LogVHdrMessageVerb().  The current implementation of this function used the
> output of a snprintf() as the format string of another snprintf().  This is a
> big no-no, as a device name containing format strings could cause "Bad Things"
> to happen.

... really? If the kernel, root (given that /dev/input is 600
root:root by default) or your keyboard hardware is trying to attack
you, I'm pretty sure format strings in device names are the least of
your worries.

Cheers,
Daniel
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
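
The pattern described in the quoted commit message, as an added example that is not part of the original thread or the X.Org source. `log_hdr_unsafe` and `log_hdr_safe` are hypothetical, simplified stand-ins for a header-prepending logger, and the device name is constructed; it uses only `%%` so that the difference is visible without undefined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (hypothetical helper): the device name is pasted into a
 * buffer that then serves as the format string, so '%' in the name is parsed. */
static int log_hdr_unsafe(char *out, size_t n, const char *name,
                          const char *fmt, ...)
{
    char combined[256];
    va_list ap;
    int len;

    snprintf(combined, sizeof(combined), "%s: %s", name, fmt);
    va_start(ap, fmt);
    len = vsnprintf(out, n, combined, ap);   /* name interpreted as format */
    va_end(ap);
    return len;
}

/* Hardened pattern (hypothetical helper): the name is only ever a "%s"
 * argument; the caller's format is expanded separately after the header. */
static int log_hdr_safe(char *out, size_t n, const char *name,
                        const char *fmt, ...)
{
    va_list ap;
    int hdr, body;

    hdr = snprintf(out, n, "%s: ", name);
    if (hdr < 0 || (size_t)hdr >= n)
        return hdr;                          /* error, or header truncated */
    va_start(ap, fmt);
    body = vsnprintf(out + hdr, n - (size_t)hdr, fmt, ap);
    va_end(ap);
    return body < 0 ? body : hdr + body;
}

int main(void)
{
    char buf[128];
    /* Constructed device name holding the two characters "%%". */
    const char *name = "Pad 50%% scale";

    log_hdr_unsafe(buf, sizeof(buf), name, "code %d", 7);
    printf("unsafe: %s\n", buf);   /* name was rewritten by the formatter */
    log_hdr_safe(buf, sizeof(buf), name, "code %d", 7);
    printf("safe:   %s\n", buf);   /* name appears byte-for-byte */
    return 0;
}
```
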
