Opened 16 years ago
Closed 15 years ago
#158 closed defect (invalid)
Missing format string may lead to problems
| Reported by: | mloskot | Owned by: | pramsey |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | postgis | Version: | |
| Keywords: | printf, elog | Cc: |
Description
There are a few places, for instance lwgeom_inout.c:462 which are vulnerable to errors and even attacks.
elog is implemented in terms of printf/fprintf. Omitting format string literal is known as a potentially serious bug.
Change History (2)
comment:1 by , 16 years ago
comment:2 by , 15 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
I'm not sure I understand. The format string is provided by the code farther down the line in elog. Is that a problem? Passing strings to %s wasn't described as a problem in your link.