Bug 655935 - printf format string vulnerable by % in source files
Status: RESOLVED FIXED
Product: doxygen
Classification: Other
Component: general
Version: unspecified
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: Dimitri van Heesch
Reported: 2011-08-03 23:20 UTC by guanx.bac
Modified: 2012-11-18 11:11 UTC


Attachments
source input to generate printf conversion specifiers in format string (36 bytes, application/octet-stream)
2011-08-03 23:20 UTC, guanx.bac

Description guanx.bac 2011-08-03 23:20:24 UTC
Created attachment 193206
source input to generate printf conversion specifiers in format string

The do_warn function (and maybe also others, like that in bug 643279) has a printf format string which may contain characters brought from input source files.

When the input source file is (im)properly written, this format string can contain printf conversion specifiers, and doxygen may crash.

Attached is an example of such source files. Your doxygen may not necessarily crash, but observe the format string transferred to do_warn --

fmt = warning: no matching file member found for 
x f()Possible candidates:
  x f(x)%g%s%s%s x

Segmentation fault
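
The defect class reported above and two ways to neutralize it, as an added example that is not doxygen's code or its actual fix. The names warn_fmt, escape_percent, warn_candidate_arg and warn_candidate_escaped are hypothetical, and the sample text is the candidate line from the fmt dump above.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style warning sink; writes to a buffer so the result can be checked. */
static int warn_fmt(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Double every '%' so source-file text is inert inside a format string.
 * Returns 0 on success, -1 if dst cannot hold the escaped text plus NUL. */
static int escape_percent(const char *src, char *dst, size_t dstsz)
{
    size_t j = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        size_t need = (src[i] == '%') ? 2 : 1;
        if (j + need >= dstsz) return -1;
        if (src[i] == '%') dst[j++] = '%';
        dst[j++] = src[i];
    }
    dst[j] = '\0';
    return 0;
}

/* Preferred: constant format string, untrusted text only as a %s argument. */
static int warn_candidate_arg(char *out, size_t outsz, const char *cand)
{
    return warn_fmt(out, outsz, "Possible candidates:\n  %s\n", cand);
}

/* Fallback when the message is pre-built and then handed over as the format. */
static int warn_candidate_escaped(char *out, size_t outsz, const char *cand)
{
    char esc[256], fmt[512];
    if (escape_percent(cand, esc, sizeof esc) != 0) return -1;
    snprintf(fmt, sizeof fmt, "Possible candidates:\n  %s\n", esc);
    return warn_fmt(out, outsz, fmt);   /* every "%%" prints as a literal '%' */
}

int main(void)
{
    char out[512];
    if (warn_candidate_escaped(out, sizeof out, "x f(x)%g%s%s%s x") > 0) fputs(out, stdout);
    return 0;
}
```

Both paths print the candidate text verbatim, including its `%g%s%s%s`, because no conversion specifier from the input ever reaches the formatter.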
Comment 1 Dimitri van Heesch 2011-08-08 17:02:18 UTC
Confirmed. Should be fixed in the next subversion update.
Comment 2 Dimitri van Heesch 2011-08-14 14:04:43 UTC
This bug was previously marked ASSIGNED, which means it should be fixed in
doxygen version 1.7.5. Please verify if this is indeed the case. Reopen the
bug if you think it is not fixed and please include any additional information
that you think can be relevant.