[Libreoffice-commits] core.git: Branch 'aoo/trunk' - 2 commits - cpputools/source crashrep/source extensions/source fpicker/source icc/makefile.mk icc/SampleICC-1.3.2.format-security.patch icu/icu-format-security.patch icu/makefile.mk rsc/source svtools/bmpmaker vcl/source vcl/unx

Don Lewis truckman at apache.org
Wed Aug 31 18:08:43 UTC 2016


 cpputools/source/unoexe/unoexe.cxx            |    4 +-
 crashrep/source/unx/main.cxx                  |    4 +-
 extensions/source/logging/consolehandler.cxx  |    4 +-
 fpicker/source/unx/gnome/SalGtkFilePicker.cxx |    1 
 icc/SampleICC-1.3.2.format-security.patch     |   21 ++++++++++++++
 icc/makefile.mk                               |    2 -
 icu/icu-format-security.patch                 |   12 ++++++++
 icu/makefile.mk                               |    3 +-
 rsc/source/prj/start.cxx                      |    2 -
 svtools/bmpmaker/bmp.cxx                      |    2 -
 svtools/bmpmaker/bmpsum.cxx                   |    2 -
 svtools/bmpmaker/g2g.cxx                      |    2 -
 vcl/source/fontsubset/cff.cxx                 |    4 +-
 vcl/source/fontsubset/sft.cxx                 |   38 +++++++++++++-------------
 vcl/unx/generic/plugadapt/salplug.cxx         |    2 -
 15 files changed, 69 insertions(+), 34 deletions(-)

New commits:
commit 7204bffa5c633d7bc2064e3c643dbacfab79e281
Author: Don Lewis <truckman at apache.org>
Date:   Wed Aug 31 16:12:32 2016 +0000

    Fix -Wformat-security warnings.
    
    There are a number of instances where the code calls *printf() to
    print arbitrary strings and the string is passed as the format
    argument to *printf().  Since these strings might contain %
    conversion sequences, this is a security hazard.  Fix the problem
    by printing the strings with a "%s" format.

diff --git a/cpputools/source/unoexe/unoexe.cxx b/cpputools/source/unoexe/unoexe.cxx
index 34c237b..a842676 100644
--- a/cpputools/source/unoexe/unoexe.cxx
+++ b/cpputools/source/unoexe/unoexe.cxx
@@ -127,7 +127,7 @@ static sal_Bool s_quiet = false;
 static inline void out( const sal_Char * pText )
 {
     if (! s_quiet)
-        fprintf( stderr, pText );
+        fprintf( stderr, "%s", pText );
 }
 //--------------------------------------------------------------------------------------------------
 static inline void out( const OUString & rText )
@@ -135,7 +135,7 @@ static inline void out( const OUString & rText )
     if (! s_quiet)
     {
         OString aText( OUStringToOString( rText, RTL_TEXTENCODING_ASCII_US ) );
-        fprintf( stderr, aText.getStr() );
+        fprintf( stderr, "%s", aText.getStr() );
     }
 }
 
diff --git a/crashrep/source/unx/main.cxx b/crashrep/source/unx/main.cxx
index 28c4052..52505b3 100644
--- a/crashrep/source/unx/main.cxx
+++ b/crashrep/source/unx/main.cxx
@@ -364,7 +364,7 @@ bool SendHTTPRequest(
                 if ( g_bDebugMode )
                 {
                     printf( "*** Sending HTTP request ***\n\n" );
-                    printf( buffer );
+                    printf( "%s", buffer );
                 }
 
                 if ( SOCKET_ERROR != send( s, buffer, strlen(buffer), 0 ) )
@@ -401,7 +401,7 @@ bool SendHTTPRequest(
                         if ( g_bDebugMode )
                             do
                             {
-                                printf( buffer );
+                                printf( "%s", buffer );
                                 memset( buffer, 0, sizeof(buffer) );
                             } while ( 0 < recv( s, buffer, sizeof(buffer), 0 ) );
                     }
diff --git a/extensions/source/logging/consolehandler.cxx b/extensions/source/logging/consolehandler.cxx
index d2c0877..60440bd 100644
--- a/extensions/source/logging/consolehandler.cxx
+++ b/extensions/source/logging/consolehandler.cxx
@@ -245,9 +245,9 @@ namespace logging
             return sal_False;
 
         if ( _rRecord.Level >= m_nThreshold )
-            fprintf( stderr, sEntry.getStr() );
+            fprintf( stderr, "%s", sEntry.getStr() );
         else
-            fprintf( stdout, sEntry.getStr() );
+            fprintf( stdout, "%s", sEntry.getStr() );
 
         return sal_True;
     }
diff --git a/fpicker/source/unx/gnome/SalGtkFilePicker.cxx b/fpicker/source/unx/gnome/SalGtkFilePicker.cxx
index e613d71..d9e42ed 100644
--- a/fpicker/source/unx/gnome/SalGtkFilePicker.cxx
+++ b/fpicker/source/unx/gnome/SalGtkFilePicker.cxx
@@ -1047,6 +1047,7 @@ sal_Int16 SAL_CALL SalGtkFilePicker::execute() throw( uno::RuntimeException )
                                 GTK_DIALOG_MODAL,
                                 GTK_MESSAGE_QUESTION,
                                 GTK_BUTTONS_YES_NO,
+                                  "%s",
                                   OUStringToOString(
                                     aResProvider.getResString( FILE_PICKER_OVERWRITE ),
                                     RTL_TEXTENCODING_UTF8 ).getStr() );
diff --git a/icc/SampleICC-1.3.2.format-security.patch b/icc/SampleICC-1.3.2.format-security.patch
new file mode 100644
index 0000000..d6bd7f8
--- /dev/null
+++ b/icc/SampleICC-1.3.2.format-security.patch
@@ -0,0 +1,21 @@
+diff -ur misc/SampleICC-1.3.2/IccProfLib/IccProfile.cpp misc/build/SampleICC-1.3.2/IccProfLib/IccProfile.cpp
+--- misc/SampleICC-1.3.2/IccProfLib/IccProfile.cpp	2007-08-20 13:05:00.000000000 -0700
++++ misc/build/SampleICC-1.3.2/IccProfLib/IccProfile.cpp	2016-08-30 22:11:34.440105000 -0700
+@@ -1155,7 +1155,7 @@
+ 
+   CIccInfo Info;
+   icChar buf[128];
+-  sprintf(buf, Info.GetSigName(m_Header.deviceClass));
++  sprintf(buf, "%s", Info.GetSigName(m_Header.deviceClass));
+   if (m_Header.deviceClass!=icSigInputClass && m_Header.deviceClass!=icSigDisplayClass) {
+     if (GetTag(icSigGrayTRCTag) || GetTag(icSigRedTRCTag) || GetTag(icSigGreenTRCTag) ||
+        GetTag(icSigBlueTRCTag) || GetTag(icSigRedColorantTag) || GetTag(icSigGreenColorantTag) ||
+@@ -1230,7 +1230,7 @@
+   for (i=m_Tags->begin(); i!=m_Tags->end(); i++) {
+     tagsig = i->TagInfo.sig;
+     typesig = i->pTag->GetType();
+-    sprintf(buf, Info.GetSigName(tagsig));
++    sprintf(buf, "%s", Info.GetSigName(tagsig));
+     if (!IsTypeValid(tagsig, typesig)) {
+       sReport += icValidateNonCompliantMsg;
+       sReport += buf;
diff --git a/icc/makefile.mk b/icc/makefile.mk
index bd0725a..40e8490 100644
--- a/icc/makefile.mk
+++ b/icc/makefile.mk
@@ -34,7 +34,7 @@ TARGET=icc
 
 TARFILE_NAME=SampleICC-1.3.2
 TARFILE_MD5=fdb27bfe2dbe2e7b57ae194d9bf36bab
-PATCH_FILES=$(TARFILE_NAME).patch
+PATCH_FILES=$(TARFILE_NAME).patch $(TARFILE_NAME).format-security.patch
 
 CONVERTFILES= \
     IccProfLib$/IccTagProfSeqId.h \
diff --git a/icu/icu-format-security.patch b/icu/icu-format-security.patch
new file mode 100644
index 0000000..938e5d1
--- /dev/null
+++ b/icu/icu-format-security.patch
@@ -0,0 +1,12 @@
+diff -ur misc/icu/source/tools/ctestfw/uperf.cpp misc/build/icu/source/tools/ctestfw/uperf.cpp
+--- misc/icu/source/tools/ctestfw/uperf.cpp	2009-01-14 23:46:00.000000000 -0800
++++ misc/build/icu/source/tools/ctestfw/uperf.cpp	2016-08-30 22:19:11.917367000 -0700
+@@ -486,7 +486,7 @@
+         this->runIndexedTest( index, FALSE, name );
+         if (!name)
+             break;
+-        fprintf(stdout,name);
++        fprintf(stdout,"%s",name);
+         fprintf(stdout,"\n");
+         index++;
+     }while (name && (name[0] != 0));
diff --git a/icu/makefile.mk b/icu/makefile.mk
index 7129c50..4f68a5b 100644
--- a/icu/makefile.mk
+++ b/icu/makefile.mk
@@ -42,7 +42,8 @@ TARFILE_MD5=
 .ENDIF
 TARFILE_ROOTDIR=icu
 
-PATCH_FILES=${TARFILE_NAME}.patch icu-mp.patch icu-win-layoutex.patch
+PATCH_FILES=${TARFILE_NAME}.patch icu-mp.patch icu-win-layoutex.patch \
+    icu-format-security.patch
 
 # ADDITIONAL_FILES=
 
diff --git a/rsc/source/prj/start.cxx b/rsc/source/prj/start.cxx
index 8b58a0e..70bfca8 100644
--- a/rsc/source/prj/start.cxx
+++ b/rsc/source/prj/start.cxx
@@ -254,7 +254,7 @@ static sal_Bool CallRsc2( ByteString aRsc2Name,
 #ifdef OS2
         fprintf( fRspFile, "%s\n", aSrsName.GetBuffer() );
 #else
-        fprintf( fRspFile, aSrsName.GetBuffer() );
+        fprintf( fRspFile, "%s", aSrsName.GetBuffer() );
 #endif
 
         pString = pInputList->First();
diff --git a/svtools/bmpmaker/bmp.cxx b/svtools/bmpmaker/bmp.cxx
index 59ea14b..4ef153e 100644
--- a/svtools/bmpmaker/bmp.cxx
+++ b/svtools/bmpmaker/bmp.cxx
@@ -157,7 +157,7 @@ void BmpApp::Message( const String& rText, sal_uInt8 cExit )
 
     ByteString aText( rText, RTL_TEXTENCODING_UTF8 );
     aText.Append( "\r\n" );
-    fprintf( stderr, aText.GetBuffer() );
+    fprintf( stderr, "%s", aText.GetBuffer() );
 }
 
 // -----------------------------------------------------------------------------
diff --git a/svtools/bmpmaker/bmpsum.cxx b/svtools/bmpmaker/bmpsum.cxx
index 8f88bcd..e7d50b4 100644
--- a/svtools/bmpmaker/bmpsum.cxx
+++ b/svtools/bmpmaker/bmpsum.cxx
@@ -160,7 +160,7 @@ void BmpSum::Message( const String& rText, sal_uInt8 nExitCode )
 
     ByteString aText( rText, RTL_TEXTENCODING_UTF8 );
     aText.Append( "\r\n" );
-    fprintf( stderr, aText.GetBuffer() );
+    fprintf( stderr, "%s", aText.GetBuffer() );
 }
 
 // -----------------------------------------------------------------------------
diff --git a/svtools/bmpmaker/g2g.cxx b/svtools/bmpmaker/g2g.cxx
index 02167eb..3d10e38 100644
--- a/svtools/bmpmaker/g2g.cxx
+++ b/svtools/bmpmaker/g2g.cxx
@@ -121,7 +121,7 @@ void G2GApp::Message( const String& rText, sal_uInt8 nExitCode )
 
     ByteString aText( rText, RTL_TEXTENCODING_UTF8 );
     aText.Append( "\r\n" );
-    fprintf( stderr, aText.GetBuffer() );
+    fprintf( stderr, "%s", aText.GetBuffer() );
 }
 
 // -----------------------------------------------------------------------------
diff --git a/vcl/source/fontsubset/cff.cxx b/vcl/source/fontsubset/cff.cxx
index 3dca2c8..7670314 100644
--- a/vcl/source/fontsubset/cff.cxx
+++ b/vcl/source/fontsubset/cff.cxx
@@ -2062,7 +2062,7 @@ void Type1Emitter::emitValVector( const char* pLineHead, const char* pLineTail,
         return;
 
     // emit the line head
-    mpPtr += sprintf( mpPtr, pLineHead);
+    mpPtr += sprintf( mpPtr, "%s", pLineHead);
     // emit the vector values
     ValVector::value_type aVal = 0;
     for( ValVector::const_iterator it = rVector.begin();;) {
@@ -2075,7 +2075,7 @@ void Type1Emitter::emitValVector( const char* pLineHead, const char* pLineTail,
     // emit the last value
     mpPtr += dbl2str( mpPtr, aVal);
     // emit the line tail
-    mpPtr += sprintf( mpPtr, pLineTail);
+    mpPtr += sprintf( mpPtr, "%s", pLineTail);
 }
 
 // --------------------------------------------------------------------
diff --git a/vcl/unx/generic/plugadapt/salplug.cxx b/vcl/unx/generic/plugadapt/salplug.cxx
index 5fe4172..e4166d1 100644
--- a/vcl/unx/generic/plugadapt/salplug.cxx
+++ b/vcl/unx/generic/plugadapt/salplug.cxx
@@ -276,7 +276,7 @@ void SalAbort( const XubString& rErrorText )
     if( !rErrorText.Len() )
         std::fprintf( stderr, "Application Error" );
     else
-        std::fprintf( stderr, ByteString( rErrorText, gsl_getSystemTextEncoding() ).GetBuffer() );
+        std::fprintf( stderr, "%s", ByteString( rErrorText, gsl_getSystemTextEncoding() ).GetBuffer() );
     abort();
 }
 
commit e64b208bc03ba75fcc353d5f55d19666cda390d8
Author: Don Lewis <truckman at apache.org>
Date:   Wed Aug 31 16:06:33 2016 +0000

    Fix -Wformat-security warnings.
    
    CreateT3FromTTGlyphs() uses a bunch of "const char *" variables to hold
    the format strings for its fprintf() calls resulting in warnings that
    the format strings for these calls are not string literals.  Suppress
    these warnings by changing the variables to be "const char * const".

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 5a4e652..eec3875 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -2000,39 +2000,39 @@ int  CreateT3FromTTGlyphs(TrueTypeFont *ttf, FILE *outf, const char *fname, /*FO
     TTGlyphMetrics metrics;
     int UPEm = ttf->unitsPerEm;
 
-    const char *h01 = "%%!PS-AdobeFont-%d.%d-%d.%d\n";
-    const char *h02 = "%% Creator: %s %s %s\n";
-    const char *h09 = "%% Original font name: %s\n";
+    const char * const h01 = "%%!PS-AdobeFont-%d.%d-%d.%d\n";
+    const char * const h02 = "%% Creator: %s %s %s\n";
+    const char * const h09 = "%% Original font name: %s\n";
 
-    const char *h10 =
+    const char * const h10 =
         "30 dict begin\n"
         "/PaintType 0 def\n"
         "/FontType 3 def\n"
         "/StrokeWidth 0 def\n";
 
-    const char *h11 = "/FontName (%s) cvn def\n";
+    const char * const h11 = "/FontName (%s) cvn def\n";
 
     /*
-      const char *h12 = "%/UniqueID %d def\n";
+      const char * const h12 = "%/UniqueID %d def\n";
     */
-    const char *h13 = "/FontMatrix [.001 0 0 .001 0 0] def\n";
-    const char *h14 = "/FontBBox [%d %d %d %d] def\n";
+    const char * const h13 = "/FontMatrix [.001 0 0 .001 0 0] def\n";
+    const char * const h14 = "/FontBBox [%d %d %d %d] def\n";
 
-    const char *h15=
+    const char * const h15=
         "/Encoding 256 array def\n"
         "    0 1 255 {Encoding exch /.notdef put} for\n";
 
-    const char *h16 = "    Encoding %d /glyph%d put\n";
-    const char *h17 = "/XUID [103 0 0 16#%08X %d 16#%08X 16#%08X] def\n";
+    const char * const h16 = "    Encoding %d /glyph%d put\n";
+    const char * const h17 = "/XUID [103 0 0 16#%08X %d 16#%08X 16#%08X] def\n";
 
-    const char *h30 = "/CharProcs %d dict def\n";
-    const char *h31 = "  CharProcs begin\n";
-    const char *h32 = "    /.notdef {} def\n";
-    const char *h33 = "    /glyph%d {\n";
-    const char *h34 = "    } bind def\n";
-    const char *h35 = "  end\n";
+    const char * const h30 = "/CharProcs %d dict def\n";
+    const char * const h31 = "  CharProcs begin\n";
+    const char * const h32 = "    /.notdef {} def\n";
+    const char * const h33 = "    /glyph%d {\n";
+    const char * const h34 = "    } bind def\n";
+    const char * const h35 = "  end\n";
 
-    const char *h40 =
+    const char * const h40 =
         "/BuildGlyph {\n"
         "  exch /CharProcs get exch\n"
         "  2 copy known not\n"
@@ -2045,7 +2045,7 @@ int  CreateT3FromTTGlyphs(TrueTypeFont *ttf, FILE *outf, const char *fname, /*FO
         "} bind def\n"
         "currentdict end\n";
 
-    const char *h41 = "(%s) cvn exch definefont pop\n";
+    const char * const h41 = "(%s) cvn exch definefont pop\n";
 
 
     if (!((nGlyphs > 0) && (nGlyphs <= 256))) return SF_GLYPHNUM;


More information about the Libreoffice-commits mailing list