Re: [Nautilus-list] Format string vulnerabilities in gnome-db2html2
- From: Ali Abdin <aliabdin aucegypt edu>
- To: Richard Boulton <richard tartarus org>
- Cc: Darin Adler <darin eazel com>, nautilus-list lists eazel com
- Subject: Re: [Nautilus-list] Format string vulnerabilities in gnome-db2html2
- Date: Sat, 17 Feb 2001 15:52:43 +0200
On 16 Feb 2001 14:49:34 +0000, Richard Boulton wrote:
> I got a few segmentation faults from gnome-db2html2, and have traced them
> to occurences of the '%' character in my documentation. Looking at the
> code, there are multiple format string problems, in the form of
> sect_print() being called with a user-specified string as its second
> argument, which is then passed to printf (actually g_strdup_vprintf).
> I attach a patch which fixes these problems, and now I can actually
> generate the gstreamer documentation. :) This patch is combined with the
> previous patch I posted half an hour ago, but shouldn't be at all confusing
> to examine.
> I have CVS write access; if you okay it, I would be happy to commit this
> patch and the previous patch.
Please go ahead and commit then :)
Don't forget to write a ChangeLog entry though, and list me in the
'Reviewed By:' section.
] [Thread Prev