[Bug 4015] New: invalid printf(ptr); on applets/usage_pod.c
bugzilla at busybox.net
bugzilla at busybox.net
Thu Jul 28 07:26:37 UTC 2011
https://bugs.busybox.net/show_bug.cgi?id=4015
Summary: invalid printf(ptr); on applets/usage_pod.c
Product: Busybox
Version: unspecified
Platform: All
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P5
Component: Standard Compliance
AssignedTo: unassigned at busybox.net
ReportedBy: semibiotic at mail.ru
CC: busybox-cvs at busybox.net
Estimated Hours: 0.0
Good time of day,
On module applets/usage_pod.c, there is invalid printf() call w/ raw string
pointer as format.
on 1.18-stable it look like
printf(usage_array[i].aname);
(applets/usage_pod.c:74)
This method (causes resonable compiler warnings) is used with no visible reason
(and/or comments) - there is no any post-format arguments. It's not quite
exploitable as security hole (because uses compiled-in string array), but that
isn't makes it less ugly.
I would switch it with "printf("%s", ptr);" or "fputs(ptr, stdout);", which
both, though, take more .text memory.
Kind regards.
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the busybox-cvs
mailing list