[vlc-devel] Re: [PATCH] Fix formats in printf() calls
rem at videolan.org
Mon Nov 28 16:40:55 CET 2005
On Monday 28 November 2005 00:48, Diego 'Flameeyes' Pettenò wrote:
> The attached patch fixes some printf() calls to use "%s" and avoid
> possible problems with formats.
I did apply the fix to the HTTP control module. However, you should note
that the macro involved is not used anywhere in the code, so it's not
really a security bug in release 0.8.4.
As for the osd fixes, there aren't format string bugs, because we
normally trust gettext input (disable NLS if you don't). On the other
hand, the sprintf() calls involved both seem to include an off-by-one
overflow bug which should be fixed in the trunk: in both cases, we have
a malloc(strlen()), instead of malloc(strlen()+1) to fit the '\0'.
Thanks for the report.
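An added example, not part of the original message and not VLC code: the two points discussed above (a fixed "%s" format, and an allocation of strlen()+1 to fit the '\0') shown in hardened form. The helper names osd_copy_text and osd_format are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not VLC code): copy a translated or otherwise
 * external string into a fresh heap buffer. */
char *osd_copy_text(const char *text)
{
    size_t len = strlen(text);
    char *buf = malloc(len + 1);        /* +1 for the terminating '\0' */
    if (buf == NULL)
        return NULL;
    /* Fixed "%s" format: any '%' in text is copied as data, and the
     * size argument bounds the write to the allocation. */
    snprintf(buf, len + 1, "%s", text);
    return buf;
}

/* Hypothetical helper: format into an exactly sized heap buffer.
 * Callers pass a literal format; external text goes in the arguments. */
char *osd_format(const char *fmt, ...)
{
    va_list ap, ap2;
    char *buf = NULL;
    int need;

    va_start(ap, fmt);
    va_copy(ap2, ap);
    need = vsnprintf(NULL, 0, fmt, ap); /* length without the '\0' */
    va_end(ap);
    if (need >= 0 && (buf = malloc((size_t)need + 1)) != NULL)
        vsnprintf(buf, (size_t)need + 1, fmt, ap2);
    va_end(ap2);
    return buf;
}

int main(void)
{
    /* Constructed sample inputs. */
    char *a = osd_copy_text("Volume: 100%n%s");
    char *b = osd_format("%s: %d%%", "Volume", 42);
    if (a == NULL || b == NULL)
        return 1;
    printf("%s\n%s\n", a, b);
    free(a);
    free(b);
    return 0;
}
```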