[Mesa-dev] [PATCH mesa-demos 1/6] es1_info: convert indentString into a literal string
Brian Paul
brianp at vmware.com
Fri Jan 7 06:33:33 PST 2011
Thanks, I've applied the patch series.
-Brian
On 01/06/2011 09:09 AM, Paulo Zanoni wrote:
> This fixes compilation with "-Wformat -Werror=format-security". Some
> distros like Mandriva enable this flag by default. Its purpose is to
> improve security.
>
> Another option for this patch would be to do
> "printf("%s", indentString)", but converting indentString into a literal
> also gives the compiler some hints to improve performance.
>
> Signed-off-by: Paulo Zanoni<pzanoni at mandriva.com>
> ---
>
> By the way, combining this patch with a "printf("%s", indentString)" would
> make the code even safer. The last patch of this series does this change, so
> you can choose to apply it or not.
>
> Using "printf(string);" is dangerous, might lead to bugs and even
> security issues. If the string being printed contains the "%" character
> one can do really dangerous things. Even if you think the string in
> question might not be dangerous, future code changes might lead that
> piece of code to bugs or security holes.
>
> Some references:
> http://wiki.mandriva.com/en/Development/Packaging/Problems#format_not_a_string_literal_and_no_format_arguments
> http://wiki.debian.org/Hardening#DEBBUILDHARDENINGFORMAT.28gcc.2BAC8-g.2B-.2B--Wformat-Wformat-security.29
> http://en.wikipedia.org/wiki/Format_string_attack
>
> See also "How To Write Shared Libraries" Section 2.4.1, written by Ulrich
> Drepper for more information on the difference between 'char *foo = "bar"'
> and 'char foo[] = "bar"'
>
>
> src/egl/opengles1/es1_info.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/src/egl/opengles1/es1_info.c b/src/egl/opengles1/es1_info.c
> index 93816b5..38becc5 100644
> --- a/src/egl/opengles1/es1_info.c
> +++ b/src/egl/opengles1/es1_info.c
> @@ -29,7 +29,7 @@
> static void
> print_extension_list(const char *ext)
> {
> - const char *indentString = " ";
> + const char indentString[] = " ";
> const int indent = 4;
> const int max = 79;
> int width, i, j;
More information about the mesa-dev
mailing list