Re: [Nautilus-list] Format string vulnerabilities in gnome-db2html2

From: Ali Abdin <aliabdin aucegypt edu>
To: Richard Boulton <richard tartarus org>
Cc: Darin Adler <darin eazel com>, nautilus-list lists eazel com
Subject: Re: [Nautilus-list] Format string vulnerabilities in gnome-db2html2
Date: Sat, 17 Feb 2001 15:52:43 +0200

On 16 Feb 2001 14:49:34 +0000, Richard Boulton wrote:
> I got a few segmentation faults from gnome-db2html2, and have traced them
> to occurences of the '%' character in my documentation.  Looking at the
> code, there are multiple format string problems, in the form of
> sect_print() being called with a user-specified string as its second
> argument, which is then passed to printf (actually g_strdup_vprintf).
> 
> I attach a patch which fixes these problems, and now I can actually
> generate the gstreamer documentation. :)  This patch is combined with the
> previous patch I posted half an hour ago, but shouldn't be at all confusing
> to examine.
> 
> I have CVS write access; if you okay it, I would be happy to commit this
> patch and the previous patch.

Please go ahead and commit then :)

Don't forget to write a ChangeLog entry though, and list me in the
'Reviewed By:' section.

Regards,
Ali

References:
- [Nautilus-list] Format string vulnerabilities in gnome-db2html2
  - From: Richard Boulton

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]