On Sat, Oct 27, 2001 at 02:07:22PM +0100, Justin Fletcher wrote:

I'm looking through these because... well, I thought it was a good idea
to check that they were valid and had a few spare minutes which I decided
to use on this...

error.c:264 :

    xmlGenericError(xmlGenericErrorContext, "error: ");
    XML_GET_VAR_STR(msg, str);
    xmlGenericError(xmlGenericErrorContext, str);
    if (str != NULL)

Should have the third line saying :

    xmlGenericError(xmlGenericErrorContext, "%s", str);

because str is the formatted form and may contain %'s from the user's
input embedded in the formatted version.

  Yep, it's BAAAD, and there are a few places where the conventions are not

Other parts of this file have similar problems.

[diffs attached as error.diff]

nanoftp.c:759 (and others) have a very similar issue for user names,
passwords, and a few other bits;

[diffs attached as nanoftp/diff]

  thanks for the diff, I gonna apply them ASAP,

I couldn't find any similar problems in libxslt.
I couldn't find any problems with the sax->error(context, format...) calls,

Please understand that this was a /really/ quick look through the code for
this problem, so I may have missed some places.

  There might be a few other places, thanks a lot !
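
The difference between the two calls discussed in this thread, as an added example that is not part of the original messages or of libxml2's code. `generic_error` and `struct sink` are hypothetical stand-ins for a printf-style error callback, and the input string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style error callback such as
 * xmlGenericError(ctx, fmt, ...); here ctx is a buffer it appends to. */
struct sink { char buf[256]; size_t len; };

static void generic_error(void *ctx, const char *fmt, ...) {
    struct sink *s = ctx;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(s->buf + s->len, sizeof s->buf - s->len, fmt, ap);
    va_end(ap);
    if (n > 0) {
        size_t room = sizeof s->buf - s->len - 1;
        s->len += (size_t)n < room ? (size_t)n : room;
    }
}

/* Pattern from the message: the formatted text is reused as a format string. */
static void report_unsafe(struct sink *s, const char *str) {
    generic_error(s, "error: ");
    generic_error(s, str);          /* str is parsed for % directives again */
}

/* Corrected pattern: the text is passed as data to a constant format. */
static void report_safe(struct sink *s, const char *str) {
    generic_error(s, "error: ");
    generic_error(s, "%s", str);
}

/* Returns 1 when the logged text matches the input byte for byte. */
static int logged_verbatim(void (*report)(struct sink *, const char *),
                           const char *str) {
    struct sink s = { {0}, 0 };
    report(&s, str);
    return strcmp(s.buf + strlen("error: "), str) == 0;
}

int main(void) {
    /* Constructed input: "%%" is the only directive that reads no argument,
     * so the unsafe call stays well defined while still showing the re-parse. */
    const char *user = "entity 100%% undefined";
    printf("unsafe verbatim: %d\n", logged_verbatim(report_unsafe, user));
    printf("safe verbatim:   %d\n", logged_verbatim(report_safe, user));
    return 0;
}
```

Declaring the callback with GCC/Clang's `__attribute__((format(printf, 2, 3)))` and building with `-Wformat-security` makes the compiler flag the `generic_error(s, str)` form, which helps when auditing for the remaining call sites.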


