openSUSE:Leap:42.2:Update
graphviz.7527
graphviz-fix_format_string_vulnerability.patch
File graphviz-fix_format_string_vulnerability.patch of Package graphviz.7527
commit 99eda421f7ddc27b14e4ac1d2126e5fe41719081 Author: Emden R. Gansner <erg@alum.mit.edu> Date: Mon Nov 24 14:32:58 2014 -0500 Fix format string vulnerability in using agerr() to report errors during parsing. We now use a fixed format %s, and pass the error string as an argument. --- lib/cgraph/scan.l | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: graphviz-2.38.0/lib/cgraph/scan.l =================================================================== --- graphviz-2.38.0.orig/lib/cgraph/scan.l 2017-11-24 16:24:56.469996227 +0100 +++ graphviz-2.38.0/lib/cgraph/scan.l 2017-11-24 16:26:46.746793587 +0100 @@ -209,6 +209,7 @@ ID ({NAME}|{NUMBER}) <hstring>([^><\n]*) addstr(yytext); . return (yytext[0]); %% + void yyerror(char *str) { unsigned char xbuf[BUFSIZ]; @@ -225,7 +226,7 @@ void yyerror(char *str) agxbput (&xb, buf); agxbput (&xb, yytext); agxbput (&xb,"'\n"); - agerr(AGERR,agxbuse(&xb)); + agerr(AGERR,"%s", agxbuse(&xb)); agxbfree(&xb); } /* must be here to see flex's macro defns */
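Review bot: the blank line added after `%%` in the first hunk (@@ -209,6 +209,7 @@) is unrelated to the format string fix described in the commit message. Drop it so the patch carries only the security change, which keeps it easier to audit and to backport.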
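Review bot: in the second hunk (@@ -225,7 +226,7 @@), the corrected call `agerr(AGERR,"%s", agxbuse(&xb));` has no comment explaining why the fixed format is required, so a later cleanup could revert it to the one-argument form. The buffer is built with `agxbput (&xb, yytext);`, meaning it contains scanner input that may hold `%` conversion specifiers; a one-line comment above the call saying that `xb` holds input text and must only ever be passed as an argument would guard against that. Building with `-Wformat-security` would also flag any reintroduced non-literal format, provided the declaration of agerr() carries a printf-style format attribute, which is not visible in this patch.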