Re: [xml] Review of xmlGenericError use



On Sat, Oct 27, 2001 at 02:07:22PM +0100, Justin Fletcher wrote:
Hiya,

I'm looking through these because... well, I thought it was a good idea
to check that they were valid and had a few spare minutes which I decided
to use on this...

error.c:264 :

    xmlGenericError(xmlGenericErrorContext, "error: ");
    XML_GET_VAR_STR(msg, str);
    xmlGenericError(xmlGenericErrorContext, str);
    if (str != NULL)
      xmlFree(str);

Should have the third line saying :

    xmlGenericError(xmlGenericErrorContext, "%s", str);

because str is the formatted form and may contain %'s from the user's
input embedded in the formatted version.

  Yep, it's BAAAD, and there are a few places where the conventions are not
respected.

Other parts of this file have similar problems.

[diffs attached as error.diff]

nanoftp.c:759 (and others) have a very similar issue for user names,
passwords, and a few other bits;

[diffs attached as nanoftp/diff]

  thanks for the diff, I'm gonna apply them ASAP,

I couldn't find any similar problems in libxslt.
I couldn't find any problems with the sax->error(context, format...) calls,
either.

Please understand that this was a /really/ quick look through the code for
this problem, so I may have missed some places.

  There might be a few other places, thanks a lot !

Daniel

-- 
Daniel Veillard      | Red Hat Network http://redhat.com/products/network/
veillard redhat com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
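
Added example, not part of the original message and not libxml code: the format-then-forward pattern from error.c with the corrected `"%s"` call, plus a small audit helper that counts the directives the old call would have parsed out of the already-formatted string. `capture_error`, `count_directives`, `report_undefined_entity` and the message text are hypothetical names and constructed input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char captured[256];   /* sink so the emitted message can be inspected */

/* Hypothetical stand-in for a generic error callback: (ctx, format, ...).
 * The format attribute lets GCC/Clang check every call site; with
 * -Wformat -Wformat-security a non-literal format with no arguments warns. */
__attribute__((format(printf, 2, 3)))
static void capture_error(void *ctx, const char *fmt, ...)
{
    va_list ap;
    (void)ctx;
    va_start(ap, fmt);
    vsnprintf(captured, sizeof(captured), fmt, ap);
    va_end(ap);
}

/* Count the '%' directives printf would act on if `s` were used as the
 * format string; "%%" is a literal percent sign and is not counted. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;
        else n++;
    }
    return n;
}

/* Two-step pattern from the thread: format first, then hand the result on.
 * `name` is constructed sample input standing in for user-controlled text. */
static int report_undefined_entity(const char *name)
{
    char str[128];
    snprintf(str, sizeof(str), "Entity '%s' not defined", name);
    /* Corrected form: str is data, so it travels as the argument to "%s". */
    capture_error(NULL, "%s", str);
    return count_directives(str);   /* what a bare (ctx, str) call would parse */
}

int main(void)
{
    int n = report_undefined_entity("%x%x%n");
    printf("%s (directives in message: %d)\n", captured, n);
    return 0;
}
```

A non-zero count means the message only survives intact because it was passed as an argument rather than as the format.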


