On Mon, May 28, 2012 at 4:10 AM, Julien Cristau <[email protected]> wrote: > > On Wed, Apr 18, 2012 at 17:51:49 +0800, Daniel Kurtz wrote: > > > Input drivers like to prepend the device name to logging messages using > > LogVHdrMessageVerb(). The current implementation of this function used the > > output of a snprintf() as the format string of another snprintf(). This is > > a > > big no-no, as a device name containing format strings could cause "Bad > > Things" > > to happen. > > > As far as I can tell this was introduced by > 8764782f6de56a9dc5e9d5a8e9fb616a8ddb2f7c (and > 40d5a019352fa8f12230c863e11cbb1f6258a93e) in 1.10, and earlier versions > aren't affected by this particular issue with input device names. Can > you confirm? > That sounds correct.
> > Thanks, > Julien _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
