FS#8975 - Pacman error in output string formatting
Attached to Project:
Pacman
Opened by Damjan Georgievski (damjan) - Wednesday, 19 December 2007, 21:56 GMT
Last edited by Dan McGee (toofishes) - Friday, 11 January 2008, 13:06 GMT
Details
Package: pacman 3.0.6-2
I discovered this by accident.. when I run:

$ pacman -Qo '/opt/gnome/etc/gconf/gconf.xml.defaults/%gconf-tree.xml'
error: No package owns /opt/gnome/etc/gconf/gconf.xml.defaults/-4,12928e-79conf-tree.xml

It seems that when outputting %gconf, the %g was changed to -4,12928e-79. I've not checked the source, but I guess it finds the number from some random memory address, which could potentially be dangerous.
Closed by Dan McGee (toofishes)
Friday, 11 January 2008, 13:06 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 3.1.0
This is a format string type issue, and we must have fixed it at some time. About ten minutes of looking at the code and I can't find where.
and prints the filename with printf, but %g has a special meaning for printf-like functions.
So pacman should replace % with %% in paths before printf-ing them.
if(!found) {
    fprintf(stderr, _("error: No package owns %s\n"), filename);
    ret++;
}
There should be something like escape_special_chars(filename) here.
Shouldn't printf("%s", "%gconf") output "%gconf" instead of "-4,12928e-79conf" anyway?
@Dan: sorry for bugspamming. :-(
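
An added example, not pacman's code and not part of the original thread: it puts the two handling options discussed above side by side, passing the path as an argument to a constant "%s" format versus doubling every % before the path is spliced into a format string. All function names (report, count_directives, escape_percent, owns_error_safe, owns_error_escaped) are hypothetical, and the path is the one from the report.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-like reporter (an assumption, not pacman's API):
 * whatever arrives as fmt is interpreted by vsnprintf() as a format. */
static int report(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Audit helper: count '%' directives in s ("%%" is a literal percent). */
int count_directives(const char *s) {
    int n = 0;
    for (; *s; s++)
        if (*s == '%') { if (s[1] == '%') s++; else n++; }
    return n;
}

/* Double every '%' so the result is inert when used as a format.
 * Returns 0 on success, -1 if dst (n bytes) is too small. */
int escape_percent(const char *src, char *dst, size_t n) {
    size_t j = 0;
    for (; *src; src++) {
        size_t need = (*src == '%') ? 2 : 1;
        if (j + need >= n) return -1;      /* keep room for the NUL */
        if (*src == '%') dst[j++] = '%';
        dst[j++] = *src;
    }
    if (j >= n) return -1;                 /* covers n == 0 */
    dst[j] = '\0';
    return 0;
}

/* Preferred: constant format, path is only ever data. */
int owns_error_safe(char *out, size_t n, const char *path) {
    return report(out, n, "error: No package owns %s\n", path);
}

/* Escaping approach: the path ends up inside the format string,
 * so every '%' in it must be doubled first. */
int owns_error_escaped(char *out, size_t n, const char *path) {
    char esc[512], fmt[600];
    if (escape_percent(path, esc, sizeof esc) != 0) return -1;
    snprintf(fmt, sizeof fmt, "error: No package owns %s\n", esc);
    return report(out, n, fmt);
}
```

Both functions produce the same message; the first cannot regress if a later code path forgets the escaping step, and count_directives() can flag untrusted strings before they reach a format position.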