[Therion] Hardening flags cause build failure
Wookey
wookey at wookware.org
Fri Oct 11 05:19:39 CEST 2013
+++ Olly Betts [2013-10-09 21:17 +0100]:
> On Wed, Oct 09, 2013 at 06:24:54PM +0100, Wookey wrote:
[hardening flags build issue]
>
> The problem is that the string being printed could contain %-formatting
> codes, and if an attacker can control that string, they can potentially
> overwrite memory (via %n). So you want to write out the string as a
> literal string by giving a format string of "%s":
>
> fprintf(out->file,"%s",utf2tex(out->layout->units.format_human_length(this->xsize)));
OK, cheers. Therion 5.3.11-2 with the hardening flags enabled, just
uploaded.
Wookey
--
Principal hats: Linaro, Emdebian, Wookware, Balloonboard, ARM
http://wookware.org/
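
Added example, not part of the original message and not Therion's code: the "%s" form recommended above, with a check showing that text containing %-codes comes out byte for byte when it is passed as an argument instead of as the format. The function names emit_literal, count_conversions and roundtrips and the sample strings are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Safe form from the thread: the text is an argument to a constant "%s"
 * format, so printf never interprets anything inside it.
 * The flagged form would be snprintf(dst, cap, text). */
static int emit_literal(char *dst, size_t cap, const char *text)
{
    return snprintf(dst, cap, "%s", text);
}

/* Count the conversion specifications a printf-family function would act
 * on if `text` were used as the format. "%%" is a literal percent sign. */
static size_t count_conversions(const char *text)
{
    size_t n = 0;
    for (const char *p = text; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* escaped percent, skip both characters */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* 1 if emit_literal reproduces `text` unchanged and untruncated. */
static int roundtrips(const char *text)
{
    char buf[128];
    int n = emit_literal(buf, sizeof buf, text);
    return n >= 0 && (size_t)n < sizeof buf && strcmp(buf, text) == 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from Therion. */
    const char *samples[] = { "12.5 m", "100%% surveyed", "depth %n %s" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-16s conversions=%zu verbatim=%d\n", samples[i],
               count_conversions(samples[i]), roundtrips(samples[i]));
    return 0;
}
```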