After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 720883 - gladeui: fix a pair of printf security problems
gladeui: fix a pair of printf security problems
Product: glade
Classification: Applications
Component: general
Other All
: Normal normal
: ---
Assigned To: Glade 3 Maintainers
Glade 3 Maintainers
Depends on:
Reported: 2013-12-21 16:06 UTC by Allison Karlitskaya (desrt)
Modified: 2013-12-21 20:34 UTC
See Also:
GNOME target: ---
GNOME version: ---

gladeui: fix a pair of printf security problems (3.11 KB, patch)
2013-12-21 16:06 UTC, Allison Karlitskaya (desrt)
none Details | Review

Description Allison Karlitskaya (desrt) 2013-12-21 16:06:37 UTC
Looks like clang's pedantic treatment of format strings actually turned
up a real bug for a change... two, in fact.
Comment 1 Allison Karlitskaya (desrt) 2013-12-21 16:06:39 UTC
Created attachment 264692 [details] [review]
gladeui: fix a pair of printf security problems

In two cases, gladeui was doing the equivalent of

  printf (var);

instead of the correct (and safe):

  printf ("%s", var);

This was caught by clang's pedantic treatment of non-literal format
strings forcing me to add G_GNUC_PRINTF attributes to functions
operating on format strings (which in turn caught the problem).  Those
changes are also included here.
Comment 2 Juan Pablo Ugarte 2013-12-21 20:34:21 UTC
Good catch, pushed in master