bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#10592: Bug#655118: Please enabled hardened build flags

From: Eli Zaretskii
Subject: bug#10592: Bug#655118: Please enabled hardened build flags
Date: Tue, 24 Jan 2012 01:06:40 -0500 
> From: Rob Browning <rlb@defaultvalue.org>
> Date: Mon, 23 Jan 2012 23:05:26 -0600
> Cc: 655118@bugs.debian.org, 655118-forwarded@bugs.debian.org,
>       Moritz Mühlenhoff <jmm@inutil.org>
> 
> --- emacs23-23.3+1.orig/lib-src/movemail.c    2011-12-29 05:07:27.000000000 
> +0100
> +++ emacs23-23.3+1/lib-src/movemail.c 2012-01-08 17:31:22.000000000 +0100
> @@ -615,11 +615,11 @@
>  {
>    fprintf (stderr, "movemail: ");
>    if (s3)
> -    fprintf (stderr, s1, s2, s3);
> +    fprintf (stderr, "%s%s%s", s1, s2, s3);
>    else if (s2)
> -    fprintf (stderr, s1, s2);
> +    fprintf (stderr, "%s%s", s1, s2);
>    else
> -    fprintf (stderr, s1);
> +    fprintf (stderr, "%s", s1);
>    fprintf (stderr, "\n");
>  }

How can this possibly be TRT?  The commentary to this function says:

  /* Print error message.  `s1' is printf control string, `s2' and `s3'
     are args for it or null. */

If S1 is the printf control string, how will printing it with %s DTRT?
E.g., in this invocation:

      error ("Error connecting to POP server: %s", pop_error, 0);

or in this one:

      error ("Error in open: %s, %s", strerror (errno), outfile);

I think the right fix for this is to declare `error' with the
appropriate printf attribute.  Alternatively, you could use variable
argument lists and call vprintf instead.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]