Bug 720883 - gladeui: fix a pair of printf security problems
Status: RESOLVED FIXED
Product: glade
Classification: Applications
Component: general
Assigned To: Glade 3 Maintainers
Reported: 2013-12-21 16:06 UTC by Allison Karlitskaya (desrt)
Modified: 2013-12-21 20:34 UTC


Attachments
gladeui: fix a pair of printf security problems (3.11 KB, patch)
2013-12-21 16:06 UTC, Allison Karlitskaya (desrt)

Description Allison Karlitskaya (desrt) 2013-12-21 16:06:37 UTC
Looks like clang's pedantic treatment of format strings actually turned
up a real bug for a change... two, in fact.
Comment 1 Allison Karlitskaya (desrt) 2013-12-21 16:06:39 UTC
Created attachment 264692
gladeui: fix a pair of printf security problems

In two cases, gladeui was doing the equivalent of

  printf (var);

instead of the correct (and safe):

  printf ("%s", var);

This was caught by clang's pedantic treatment of non-literal format
strings forcing me to add G_GNUC_PRINTF attributes to functions
operating on format strings (which in turn caught the problem).  Those
changes are also included here.
Comment 2 Juan Pablo Ugarte 2013-12-21 20:34:21 UTC
Good catch, pushed in master
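
The pattern described in comment 1, as an added example that is not part of the glade patch or of anyone's comment: a variadic wrapper with and without the printf format attribute, and the `printf (var)` call next to the `printf ("%s", var)` call. The names `msg_plain`, `msg_checked`, `render_unsafe` and `render_safe` are hypothetical, the sample label is constructed, and the raw GCC/clang attribute is used so the file builds without GLib headers.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper with no format attribute: the compiler does not know
 * that `fmt` is a printf format, so a bad call site compiles silently. */
static int msg_plain(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Same wrapper, annotated: argument 3 is the format, variadic arguments
 * start at 4. With GLib this is spelled G_GNUC_PRINTF (3, 4). */
__attribute__((format(printf, 3, 4)))
static int msg_checked(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* The "printf (var)" pattern: the text is interpreted as a format string. */
static int render_unsafe(char *out, size_t n, const char *text)
{
    return msg_plain(out, n, text);
}

/* The "printf ("%s", var)" pattern: the text is only ever data. Calling
 * msg_checked(out, n, text) here instead is what -Wformat-security flags. */
static int render_safe(char *out, size_t n, const char *text)
{
    return msg_checked(out, n, "%s", text);
}

int main(void)
{
    const char *label = "50%% off";   /* constructed sample input */
    char a[32], b[32];
    render_unsafe(a, sizeof a, label);
    render_safe(b, sizeof b, label);
    printf("unsafe: [%s]\nsafe:   [%s]\n", a, b);
    return 0;
}
```

The sample contains only `%%`, so the unsafe path shows the input being reinterpreted without reading any missing argument.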