| author | Yiteng Zhang <yiteng.zhang@oracle.com> |
| Wed, 03 Aug 2016 15:33:19 -0700 | |
| changeset 6544 | f3ddf1d33382 |
| permissions | -rw-r--r-- |
|
6544
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
1 |
From 495f781f91dca1fb165bbaa6abc0ced1c09535c8 Mon Sep 17 00:00:00 2001 |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
2 |
From: Tomas Hoger <[email protected]> |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
3 |
Date: Wed, 20 May 2015 11:15:32 +0200 |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
4 |
Subject: [PATCH] Fix agerr() format string issue in chkNum() |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
5 |
|
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
6 |
Commit 99eda42 fixed agerr() format string issue in yyerror(), but the |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
7 |
same fix is also needed for chkNum(). In chkNum(), format string can be |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
8 |
injected at least via malicious file name: |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
9 |
|
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
10 |
$ cat fs4-%n%s%s%s%s%s%s.dot |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
11 |
graph G { a [ weight = 0g ] }
|
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
12 |
|
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
13 |
$ dot fs4-%n%s%s%s%s%s%s.dot |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
14 |
Warning: *** %n in writable segment detected *** |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
15 |
Aborted |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
16 |
--- |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
17 |
lib/cgraph/scan.l | 2 +- |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
18 |
1 file changed, 1 insertion(+), 1 deletion(-) |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
19 |
|
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
20 |
diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
21 |
index a5872f4..6aef10b 100644 |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
22 |
--- a/lib/cgraph/scan.l |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
23 |
+++ b/lib/cgraph/scan.l |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
24 |
@@ -165,7 +165,7 @@ static int chkNum(void) {
|
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
25 |
agxbput(&xb,buf); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
26 |
agxbput(&xb,fname); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
27 |
agxbput(&xb, " splits into two tokens\n"); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
28 |
- agerr(AGWARN,agxbuse(&xb)); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
29 |
+ agerr(AGWARN, "%s", agxbuse(&xb)); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
30 |
|
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
31 |
agxbfree(&xb); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
32 |
return 1; |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
33 |