[Bug 4015] New: invalid printf(ptr); on applets/usage_pod.c

bugzilla at busybox.net bugzilla at busybox.net
Thu Jul 28 07:26:37 UTC 2011


https://bugs.busybox.net/show_bug.cgi?id=4015

           Summary: invalid printf(ptr); on applets/usage_pod.c
           Product: Busybox
           Version: unspecified
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Standard Compliance
        AssignedTo: unassigned at busybox.net
        ReportedBy: semibiotic at mail.ru
                CC: busybox-cvs at busybox.net
   Estimated Hours: 0.0


Good time of day,

On module applets/usage_pod.c, there is invalid printf() call w/ raw string
pointer as format. 

  on 1.18-stable it look like 

     printf(usage_array[i].aname);

(applets/usage_pod.c:74)

This method (causes resonable compiler warnings) is used with no visible reason
(and/or comments) - there is no any post-format arguments. It's not quite
exploitable as security hole (because uses compiled-in string array), but that
isn't makes it less ugly.

I would switch it with "printf("%s", ptr);" or "fputs(ptr, stdout);", which
both, though, take more .text memory.

Kind regards.

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the busybox-cvs mailing list