[vdr] vdr 1.3.44: more format string checking
Darren Salt
linux at youmustbejoking.demon.co.uk
Fri Mar 3 23:58:09 CET 2006
I've done a build of vdr 1.3.44 with -Wformat=2. This was noisier than it
might be due to some tr() calls; however, in <libintl.h>, I've spotted
something of use:
__attribute_format_arg__ (index)
With this added to the prototype for I18nTranslate, a lot of "non-constant
format string" warnings are eliminated. I've also found several possible
problems, mostly missing format strings. I don't /think/ that any of the
missing-format-string ones are exploitable (at least one definitely isn't),
but it's better to have them fixed anyway...
Patch attached. This kills all of the format string warnings which I could
find.
--
| Darren Salt | linux or ds at | nr. Ashington, | Toon
| RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
| <URL:http://www.youmustbejoking.demon.co.uk/> (PGP 2.6, GPG keys)
Don't put too fine a point to your wit for fear it should get blunted.
-------------- next part --------------
diff -urNad vdr-1.3.44~/PLUGINS/src/sky/sky.c vdr-1.3.44/PLUGINS/src/sky/sky.c
--- vdr-1.3.44~/PLUGINS/src/sky/sky.c 2006-03-03 22:44:48.000000000 +0000
+++ vdr-1.3.44/PLUGINS/src/sky/sky.c 2006-03-03 22:44:49.753371301 +0000
@@ -108,9 +108,8 @@
void cDigiboxDevice::LircSend(const char *s)
{
- const char *c = "SEND_ONCE SKY %s\n";
char buf[100];
- sprintf(buf, c, s);
+ snprintf(buf, sizeof(buf), "SEND_ONCE SKY %s\n", s);
dsyslog(buf);//XXX
if (write(fd_lirc, buf, strlen(buf)) < 0)
LOG_ERROR;//XXX _STR
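Review bot: `dsyslog(buf)` on the line after the new `snprintf` still passes the assembled command as the format argument, so any `%` that arrives in `s` would be interpreted by the logger rather than printed (assuming `dsyslog` forwards its first argument as a printf-style format, as the other call sites in this patch suggest). It should get the same treatment as the rest of the patch: `dsyslog("%s", buf);`. Separately, `snprintf` now truncates silently when `s` is long, which drops the trailing `\n` and sends an incomplete command to `fd_lirc`; checking the return value against `sizeof(buf)` before the `write` would catch that. The body of `LircSend` continues past the end of this hunk.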
diff -urNad vdr-1.3.44~/i18n.h vdr-1.3.44/i18n.h
--- vdr-1.3.44~/i18n.h 2006-03-03 22:44:48.000000000 +0000
+++ vdr-1.3.44/i18n.h 2006-03-03 22:44:49.757371043 +0000
@@ -18,7 +18,8 @@
void I18nRegister(const tI18nPhrase * const Phrases, const char *Plugin);
-const char *I18nTranslate(const char *s, const char *Plugin = NULL);
+const char *I18nTranslate(const char *s, const char *Plugin = NULL)
+ __attribute_format_arg__(1);
const char * const * I18nLanguages(void);
const char * const * I18nCharSets(void);
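Review bot: The `__attribute_format_arg__(1)` added to `I18nTranslate` only lets the compiler check callers' arguments against the English literal passed in as `s`. The string returned at run time presumably comes from a phrase table, including tables that plugins hand to `I18nRegister`, and nothing here verifies that a translation keeps the same conversion specifiers. A comment on the declaration would stop the attribute being read as a full guarantee, for example `// format_arg(1): arguments are checked against s only; every translation must keep the same conversions`. The macro is also a glibc one from `<sys/cdefs.h>`, so this header depends on a libc header having been included first; whether i18n.h does that is not visible in this hunk.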
diff -urNad vdr-1.3.44~/menuitems.c vdr-1.3.44/menuitems.c
--- vdr-1.3.44~/menuitems.c 2006-03-03 22:44:48.000000000 +0000
+++ vdr-1.3.44/menuitems.c 2006-03-03 22:44:49.757371043 +0000
@@ -286,12 +286,13 @@
void cMenuEditStrItem::Set(void)
{
char buf[1000];
- const char *fmt = insert && newchar ? "[]%c%s" : "[%c]%s";
if (InEditMode()) {
const cFont *font = cFont::GetFont(fontOsd);
strncpy(buf, value, pos);
- snprintf(buf + pos, sizeof(buf) - pos - 2, fmt, *(value + pos), value + pos + 1);
+ snprintf(buf + pos, sizeof(buf) - pos - 2,
+ insert && newchar ? "[]%c%s" : "[%c]%s",
+ *(value + pos), value + pos + 1);
int width = cSkinDisplay::Current()->EditableWidth();
if (font->Width(buf) <= width) {
// the whole buffer fits on the screen
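Review bot: The size passed to the reflowed `snprintf`, `sizeof(buf) - pos - 2`, is evaluated in `size_t`, so once `pos` reaches `sizeof(buf) - 2` it wraps to a very large value instead of shrinking to zero. The `strncpy(buf, value, pos)` just above depends on the same unchecked `pos`. Whether `pos` is bounded by the edit field's length elsewhere is not visible here, since `Set` starts and continues outside the hunk. If it is not, a check that `pos + 2 < sizeof(buf)` before the `strncpy` would make the bound explicit. A one-line comment stating the invariant would also help, e.g. `// pos < length <= sizeof(buf) - 3 (TODO confirm)`.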
diff -urNad vdr-1.3.44~/recording.c vdr-1.3.44/recording.c
--- vdr-1.3.44~/recording.c 2006-03-03 22:44:48.000000000 +0000
+++ vdr-1.3.44/recording.c 2006-03-03 22:44:59.368751304 +0000
@@ -1049,7 +1049,7 @@
bool cMark::Save(FILE *f)
{
- return fprintf(f, ToText()) > 0;
+ return fprintf(f, "%s", *ToText()) > 0;
}
// --- cMarks ----------------------------------------------------------------
diff -urNad vdr-1.3.44~/svdrp.c vdr-1.3.44/svdrp.c
--- vdr-1.3.44~/svdrp.c 2006-03-03 22:44:48.000000000 +0000
+++ vdr-1.3.44/svdrp.c 2006-03-03 22:44:49.757371043 +0000
@@ -461,7 +461,7 @@
q += sprintf(q, "%*s", -MAXHELPTOPIC, topic);
}
x = 0;
- Reply(-214, buffer);
+ Reply(-214, "%s", buffer);
}
}
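Review bot: The context line `q += sprintf(q, "%*s", -MAXHELPTOPIC, topic);` sets only a minimum field width, so a `topic` longer than `MAXHELPTOPIC` is written in full and `q` advances further than the column size suggests. If `buffer` is sized from `MAXHELPTOPIC` times the number of columns, that can run past its end; the declarations of `buffer` and `topic` are outside this hunk, so this may already be guaranteed elsewhere. Adding a precision bounds the write without changing the layout for short topics: `q += sprintf(q, "%-*.*s", MAXHELPTOPIC, MAXHELPTOPIC, topic);`.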
@@ -782,7 +782,7 @@
cBase64Encoder Base64(Image, ImageSize);
const char *s;
while ((s = Base64.NextLine()) != NULL)
- Reply(-216, s);
+ Reply(-216, "%s", s);
Reply(216, "Grabbed image %s", Option);
}
free(Image);
@@ -799,7 +799,7 @@
if (*Option) {
const char *hp = GetHelpPage(Option, HelpPages);
if (hp)
- Reply(214, hp);
+ Reply(214, "%s", hp);
else {
Reply(504, "HELP topic \"%s\" unknown", Option);
return;
@@ -1332,7 +1332,7 @@
if (*cmd && *option) {
const char *hp = GetHelpPage(option, plugin->SVDRPHelpPages());
if (hp) {
- Reply(-214, hp);
+ Reply(-214, "%s", hp);
Reply(214, "End of HELP info");
}
else
@@ -1358,7 +1358,7 @@
int ReplyCode = 900;
cString s = plugin->SVDRPCommand(cmd, option, ReplyCode);
if (s)
- Reply(abs(ReplyCode), *s);
+ Reply(abs(ReplyCode), "%s", *s);
else
Reply(500, "Command unrecognized: \"%s\"", cmd);
}
@@ -1380,7 +1380,7 @@
{
delete PUTEhandler;
PUTEhandler = new cPUTEhandler;
- Reply(PUTEhandler->Status(), PUTEhandler->Message());
+ Reply(PUTEhandler->Status(), "%s", PUTEhandler->Message());
if (PUTEhandler->Status() != 354)
DELETENULL(PUTEhandler);
}
@@ -1467,7 +1467,7 @@
// handle PUTE data:
if (PUTEhandler) {
if (!PUTEhandler->Process(Cmd)) {
- Reply(PUTEhandler->Status(), PUTEhandler->Message());
+ Reply(PUTEhandler->Status(), "%s", PUTEhandler->Message());
DELETENULL(PUTEhandler);
}
return;
diff -urNad vdr-1.3.44~/thread.c vdr-1.3.44/thread.c
--- vdr-1.3.44~/thread.c 2006-03-03 22:44:48.000000000 +0000
+++ vdr-1.3.44/thread.c 2006-03-03 22:44:49.757371043 +0000
@@ -208,7 +208,7 @@
childTid = 0;
childThreadId = 0;
description = NULL;
- SetDescription(Description);
+ SetDescription("%s", Description);
}
cThread::~cThread()
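Review bot: `SetDescription("%s", Description);` changes behaviour when `Description` is a null pointer: before, the null format went straight to `SetDescription`, which could treat it as "no description"; now a null pointer is passed for `%s`, which is undefined and on glibc yields the literal text `(null)`. The `description = NULL;` on the line above suggests null is the intended empty state, but the constructor's signature and `SetDescription`'s body are outside this hunk, so whether callers can pass null needs confirming. If they can, guard the call: `if (Description) SetDescription("%s", Description);`.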
diff -urNad vdr-1.3.44~/vdr.c vdr-1.3.44/vdr.c
--- vdr-1.3.44~/vdr.c 2006-03-03 22:44:48.000000000 +0000
+++ vdr-1.3.44/vdr.c 2006-03-03 22:44:49.757371043 +0000
@@ -1067,7 +1067,7 @@
}
if (UserShutdown && Next && Delta <= Setup.MinEventTimeout * 60 && !ForceShutdown) {
char *buf;
- asprintf(&buf, tr("Recording in %d minutes, shut down anyway?"), Delta / 60);
+ asprintf(&buf, tr("Recording in %ld minutes, shut down anyway?"), Delta / 60);
if (Interface->Confirm(buf))
ForceShutdown = true;
else
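Review bot: Changing the literal inside `tr()` from `%d` to `%ld` also changes the key used for the translation lookup, and this patch has no matching hunk for the phrase table. Depending on how lookup works, either the message stops being translated or an existing translation still carries `%d` while the argument is now treated as `long`, which is the mismatch the patch is trying to remove. Keeping the key and narrowing the argument avoids touching every translation: `asprintf(&buf, tr("Recording in %d minutes, shut down anyway?"), int(Delta / 60));`. The return value of `asprintf` is also ignored, so on allocation failure `buf` is indeterminate when it reaches `Interface->Confirm(buf)`. The enclosing function starts and ends outside this hunk.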