[Bug 1580348] [NEW] mksh 52c bi_errorf(Tbadsubst) format string is not a string literal

Thorsten Glaser 1580348 at bugs.launchpad.net
Tue May 10 22:52:34 UTC 2016 

Chih-Hung Hsieh dixit:

>change
>   bi_errorf(Tbadsubst);
>to
>   bi_errorf0(Tbadsubst);
>where bi_errorf0 is declared as
>   void bi_errorf0(const char *);  // without format check
>and implemented as a weak alias:
>   void bi_errorf0(const char *s) __attribute__((weak, alias("bi_errorf")));

For the record: this is both compiler-specific (there’s no direct
use of __attribute__ in the code, and there must not be any use
that can’t be done with other compilers either) and insecure. DO
NOT DO THAT. Those strings are actually format strings and treated
as such.

bye,
//mirabilos
-- 
(gnutls can also be used, but if you are compiling lynx for your own use,
there is no reason to consider using that package)
	-- Thomas E. Dickey on the Lynx mailing list, about OpenSSL

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mksh in Ubuntu.
https://bugs.launchpad.net/bugs/1580348

Title:
  mksh 52c bi_errorf(Tbadsubst) format string is not a string literal

Status in mksh package in Ubuntu:
  New

Bug description:
  Lastest mksh/histrap.c (R52c) has a warning from clang/llvm compiler.
  It is a tricky use of pointer to the middle of string literals,
  which is recognized by gcc but not clang/llvm.

  This warning now blocks mksh upgrade in Android open source.
  Could you fix the following warning and other places that use
  bi_errorf(Tbadsubst) or internal_errorf(Tbadsubst)?

  histrap.c:220:15: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
                                  bi_errorf(Tbadsubst);
                                            ^~~~~~~~~
  sh.h:891:19: note: expanded from macro 'Tbadsubst'
  #define Tbadsubst       (Tfg_badsubst + 10)     /* "bad substitution" */
                          ^~~~~~~~~~~~~~~~~~

  
  The warning can be fixed by changing
     bi_errorf(Tbadsubst);
  to
     bi_errorf("%s", Tbadsubst);

  If adding a few bytes is not acceptable, could you change
     bi_errorf(Tbadsubst);
  to
     bi_errorf0(Tbadsubst);
  where bi_errorf0 is declared as
     void bi_errorf0(const char *);  // without format check
  and implemented as a weak alias:
     void bi_errorf0(const char *s) __attribute__((weak, alias("bi_errorf")));

  
  Attached file is a suggested patch to compile with Android.

  Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mksh/+bug/1580348/+subscriptions

More information about the foundations-bugs mailing list