[Bug 1580348] [NEW] mksh 52c bi_errorf(Tbadsubst) format string is not a string literal
Thorsten Glaser
1580348 at bugs.launchpad.net
Tue May 10 22:52:34 UTC 2016
Chih-Hung Hsieh dixit:
> change
> bi_errorf(Tbadsubst);
> to
> bi_errorf0(Tbadsubst);
> where bi_errorf0 is declared as
> void bi_errorf0(const char *); // without format check
> and implemented as a weak alias:
> void bi_errorf0(const char *s) __attribute__((weak, alias("bi_errorf")));
For the record: this is both compiler-specific (there’s no direct
use of __attribute__ in the code, and there must not be any use
that can’t be done with other compilers either) and insecure. DO
NOT DO THAT. Those strings are actually format strings and treated
as such.
bye,
//mirabilos
--
(gnutls can also be used, but if you are compiling lynx for your own use,
there is no reason to consider using that package)
-- Thomas E. Dickey on the Lynx mailing list, about OpenSSL
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mksh in Ubuntu.
https://bugs.launchpad.net/bugs/1580348
Title:
mksh 52c bi_errorf(Tbadsubst) format string is not a string literal
Status in mksh package in Ubuntu:
New
Bug description:
Latest mksh/histrap.c (R52c) has a warning from clang/llvm compiler.
It is a tricky use of pointer to the middle of string literals,
which is recognized by gcc but not clang/llvm.
This warning now blocks mksh upgrade in Android open source.
Could you fix the following warning and other places that use
bi_errorf(Tbadsubst) or internal_errorf(Tbadsubst)?
histrap.c:220:15: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
bi_errorf(Tbadsubst);
^~~~~~~~~
sh.h:891:19: note: expanded from macro 'Tbadsubst'
#define Tbadsubst (Tfg_badsubst + 10) /* "bad substitution" */
^~~~~~~~~~~~~~~~~~
The warning can be fixed by changing
bi_errorf(Tbadsubst);
to
bi_errorf("%s", Tbadsubst);
If adding a few bytes is not acceptable, could you change
bi_errorf(Tbadsubst);
to
bi_errorf0(Tbadsubst);
where bi_errorf0 is declared as
void bi_errorf0(const char *); // without format check
and implemented as a weak alias:
void bi_errorf0(const char *s) __attribute__((weak, alias("bi_errorf")));
Attached file is a suggested patch to compile with Android.
Thanks.
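An added example, written for this thread and not taken from mksh or from either poster: a toy version of the string-table-plus-offset pattern and an errorf-style function with a compiler format check, showing why the "%s" rewrite silences -Wformat-security for a plain message but changes the output for a table entry that really is a format string (the reply's objection), and why an alias that drops the check is the wrong trade. The ERRF_FORMAT macro, the table contents and errorf_str are assumptions, not mksh's code.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical macro: keeps __attribute__ out of call sites and lets
 * non-GNU compilers build; gcc/clang then check literal formats. */
#if defined(__GNUC__)
#define ERRF_FORMAT(fi, ai) __attribute__((format(printf, fi, ai)))
#else
#define ERRF_FORMAT(fi, ai)
#endif

/* Constructed stand-in for mksh's string table (the real one in sh.h
 * is much larger): a literal plus a macro pointing into its middle,
 * which is exactly the non-literal format that clang flags. */
static const char Tfg_badsubst[] = "${foo}: bad substitution";
#define Tbadsubst (Tfg_badsubst + 8) /* "bad substitution" */
static const char Tbadsubst_of[] = "%s: bad substitution"; /* has a directive */

/* Hypothetical errorf-style function; renders into a static buffer. */
static const char *errorf_str(const char *fmt, ...) ERRF_FORMAT(1, 2);
static const char *errorf_str(const char *fmt, ...)
{
    static char buf[128];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    return buf;
}

/* The "%s" fix from the report: the message is an argument, so the
 * warning goes away and a '%' inside it is never interpreted ... */
static const char *report_plain(const char *msg)
{
    return errorf_str("%s", msg);
}

/* ... but an entry that really is a format string then prints its
 * directive literally, so the table must keep being used as formats. */
static const char *report_subst_of(const char *who)
{
    return errorf_str(Tbadsubst_of, who);
}

int main(void)
{
    puts(report_plain(Tbadsubst));    /* bad substitution */
    puts(report_subst_of("foo"));     /* foo: bad substitution */
    puts(report_plain(Tbadsubst_of)); /* %s: bad substitution */
    return 0;
}
```

An alias like bi_errorf0 that is declared without the format attribute simply hides the call from the checker; the underlying variadic function still parses '%' in whatever it receives, so the check is lost rather than satisfied.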